you told us about the workaround, but I couldnt find any such security advisory or problem on logwatch's website or other security websites. Could you please wrap it up in some form of an advisory with technical details and let the world know. =)
Thank You --------- Muhammad Faisal Rauf Danka Information Resources Security Manager InstaNet (Pvt) Ltd. web: www.insta.net.pk voice: 111-46-47-48 System Enginner Compunet Online (Pvt) Ltd. web: www.compol.com voice: 111-111-265 "Greater is the Art of beginning, but Greater is the Art of ending. " --- Ash <[EMAIL PROTECTED]> wrote: >Can we have some linkage? I didn't find any information about it on >logwatch.org or linuxsecurity.com. > >Cheers, >Ash > >Bailey Kong wrote: > >>if you haven't heard yet, root account can be compromised by a local account >>using logwatch. >> >>the current work around i got was to chattr +i /etc/passwd >> >>that makes it so /etc/passwd can't be modified, if and when you need to add >>a user you can simply do chattr -i /etc/passwd >> >>i hope no one has gotten compromised yet >> >>Bailey >> >> >> >> _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Run a small business? Then you need professional email like [EMAIL PROTECTED] from Everyone.net http://www.everyone.net?tag
