Users login

Create an account »


Users login

Home » Hacking News » Vulnerability in Sawmill for Solaris

Vulnerability in Sawmill for Solaris

by Nikola Strahija on February 11th, 2002 When the Sawmill executable is launched and the user enters an initial password,the password is saved in file AdminPassword. This file is created mode 0666 (world read/writeable permissions).

This happens regardless of the password_file_permissions setting in file
DefaultConfig, which is by default set to mode 0600. I have tried
this with user and root privileges and it occurs in each instance.

The default path to file AdminPassword is accessible to users.
The LogAnalysisInfo directory is created mode 0755.

The contents of the AdminPassword file are MD5'ed. It is trivial to
overwrite this value with a password of my choosing:

"rm AdminPassword; echo mypasswd | perl -p -e 'chomp' | md5sum |
| sed 's/ -//' | perl -p -e 'chomp' > AdminPassword"

I have tested the above thoroughly and it works quite well, allowing me
access to all parts of the Sawmill pages.

Solution: Upgrade to version 6.2.15;
chmod 600 AdminPassword

sawmill folks

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »