Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » CSSA-2002-SCO.5-Caldera encrypted password disclosure

CSSA-2002-SCO.5-Caldera encrypted password disclosure

by Nikola Strahija on February 15th, 2002 After installation of the product, the file /var/adm/isl/ifile is left readable by all users. This file contains, among other things, the encrypted root password, and the encrypted owner password.


2. Vulnerable Supported Versions

Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /var/adm/isl/ifile
Open UNIX 8.0.0 /var/adm/isl/ifile


3. Solution

Caldera recommends that all affected systems change the file
modes of /var/adm/isl/ifile to be readable only by root:

# chmod 400 /var/adm/isl/ifile

In addition, Caldera also recommends that you change the root
and owner passwords.


4. References

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.5/

This and other advisories are located at
http://stage.caldera.com/support/security

This advisory addresses Caldera Security internal incidents
sr860350, fz520151.

5. Disclaimer

Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »