Bugtraq mailing list archives
Cobalt root exploit
From: patrick () pine nl (Patrick Oonk)
Date: Thu, 25 Feb 1999 23:02:17 +0100
http://www.cobaltnet.com/security.html

(...)

An article on a security exploit was released this morning from Wired Magazine and the San Jose Mercury News. Cobalt would like to clarify the nature of the claim, our response to it, and the solution.

An individual obtained password information from history files on a Cobalt RaQ. With the RaQ, user directories are contained within the web tree. This is intentional since the purpose of our servers is for users to serve content on the web.

The Details: The /etc/skel directory does not populate user directories with any files other than the index.html file and a private directory. However, if a user telnets into the box and runs various shell commands, the bash shell maintains a .bash_history file.

The Problem: The .bash_history file is readable by the web server. If the admin user inadvertently types the root password at the command line (as a command rather than as an authentication response), the password will be recorded in the .bash_history file. This only affects people who telnet into the machine and make the mistake of typing their password in as a command.

The Fix: Cobalt has released a security patch in the form of a package file that is installed through the web interface. The package file changes file permissions for all hidden files other than .htaccess in user home directories.

Package files are available at:
ftp://ftp.cobaltnet.com/pub/security
or on our website at:
ShellHistoryPatch-1.0.pkg

-- 
: Patrick Oonk - http://patrick.mypage.org/ - patrick () pine nl :
: Pine Internet B.V. Consultancy, installation and management :
: Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/ :
: -- Pine Security Digest - http://security.pine.nl/ (Dutch) ---- :
: "unix is for people without a social life..." - Patrick van Eijk :
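Cobalt's package itself is not reproduced in the post. As an added example (my code, not Cobalt's ShellHistoryPatch and not part of the original message), the following POSIX shell script does the two things a practitioner would want from the advisory: it finds hidden files under a web-served home tree that the web server's uid can read and strips their group/other bits while leaving .htaccess alone, and it scans a .bash_history for lines that do not resolve to a command, which is the shape of the mistake the advisory describes. The directory layout is a constructed sample passed as an argument, not the RaQ's real web tree, and the function names (`audit_hidden`, `fix_hidden`, `suspicious_history`, `make_sample`) are chosen here.

```shell
#!/bin/sh
# Added example, not Cobalt's ShellHistoryPatch-1.0.pkg.
# Audits and locks down hidden files in home directories that live inside the
# web tree, and flags shell-history lines that look like a password typed as a
# command. The tree root is passed as $1; the sample tree built by make_sample
# is constructed for demonstration and is not a real RaQ layout (assumption).

# Print hidden files (any path component starting with '.') under $1 that are
# readable by group or other, i.e. readable by the web server's uid.
# .htaccess is excluded because the web server is supposed to read it.
audit_hidden() {
    find "$1" -type f -path '*/.*' ! -name '.htaccess' \
        \( -perm -004 -o -perm -040 \) -print
}

# Apply the permission change the advisory describes: strip group/other bits
# from every hidden file except .htaccess.
fix_hidden() {
    find "$1" -type f -path '*/.*' ! -name '.htaccess' \
        \( -perm -004 -o -perm -040 \) -exec chmod go-rwx {} +
}

# Heuristic check for the mistake the advisory describes: a history line whose
# first word does not resolve to any command is likely something else, such as
# a password typed at the prompt. Aliases, shell functions and VAR=value lines
# are not known here, so treat the output as leads to review, not proof.
suspicious_history() {
    histfile=$1
    while IFS= read -r line; do
        set -f                      # no globbing while splitting the line
        set -- $line
        set +f
        [ $# -eq 0 ] && continue
        command -v "$1" >/dev/null 2>&1 || printf '%s\n' "$line"
    done < "$histfile"
}

# Constructed sample tree: alice's history is world-readable and contains a
# line that is not a command; bob's history is already private.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/alice" "$d/bob"
    printf 'ls -la\nmysecretpassword\npwd\n' > "$d/alice/.bash_history"
    chmod 644 "$d/alice/.bash_history"
    printf 'Options -Indexes\n' > "$d/alice/.htaccess"
    chmod 644 "$d/alice/.htaccess"
    printf 'cd www\n' > "$d/bob/.bash_history"
    chmod 600 "$d/bob/.bash_history"
    printf '%s\n' "$d"
}
```

Usage on a real box would be `audit_hidden /path/to/web/tree` to see what is exposed, `fix_hidden /path/to/web/tree` to apply the change, and `suspicious_history ~user/.bash_history` for each account that has shell access. The permission fix only closes the read path; a password already recorded in a history file that was readable is still compromised and should be changed.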
Current thread:
- Cobalt root exploit Patrick Oonk (Feb 25)
- Re: Cobalt root exploit Jon Lewis (Feb 25)
- <Possible follow-ups>
- Re: Cobalt root exploit John Fraizer (Feb 26)
- Re: Cobalt root exploit John Fraizer (Feb 26)
- Re: Cobalt root exploit Joel Eriksson (Feb 27)
- [mutt security] tempfile race in mutt Thomas Roessler (Feb 28)
- Re: Cobalt root exploit Illuminatus Primus (Feb 26)