Cobalt root exploit

[patrick () pine nl (Patrick Oonk)]

http://www.cobaltnet.com/security.html

(...)

An article on a security exploit was released this
morning from Wired Magazine and the San Jose Mercury
News. Cobalt would like to clarify the nature of the
claim, our response to it, and the solution.

An individual obtained password information from history
files on a Cobalt RaQ. With the RaQ, user directories are
contained within the web tree. This is intentional since
the purpose of our servers is for users to serve content
on the web.

The Details:

The /etc/skel directory does not populate user
directories with any files other than the index.html file
and a private directory. However, if a user telnets into
the box and runs various shell commands, the bash shell
maintains a .bash_history file.

The Problem:

The .bash_history file is readable by the web server. If
the admin user inadvertently types the root password at
the command line (as a command rather than as an
authentication response), the password will be recorded
in the .bash_history file. This only affects people who
telnet into the machine and make the mistake of typing
their password in as a command.

The Fix:

Cobalt has released a security patch in the form of a
package file that is installed through the web interface.
The package file changes file permissions for all hidden
files other than .htaccess in user home directories.
Package files are available at:
ftp://ftp.cobaltnet.com/pub/security or on our website
at: ShellHistoryPatch-1.0.pkg.

--
: Patrick Oonk -    http://patrick.mypage.org/  - patrick () pine nl :
: Pine Internet B.V.           Consultancy, installatie en beheer :
: Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/ :
: -- Pine Security Digest - http://security.pine.nl/ (Dutch) ---- :
: "unix is voor types zonder sociaal leven..." - Patrick van Eijk :