Security Update: [CSSA-2002-SCO.5.1] REVISION: Open UNIX, UnixWare 7, OpenServer: encrypted password disclosure

From: security@caldera.com
Date: 02/18/02


To: bugtraq@securityfocus.com, announce@lists.caldera.com, scoannmod@xenitec.on.ca
From: security@caldera.com
Date: Mon, 18 Feb 2002 09:49:16 -0800


To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca

___________________________________________________________________________

            Caldera International, Inc. Security Advisory

Subject: REVISION: Open UNIX, UnixWare 7, OpenServer: encrypted password disclosure
Advisory number: CSSA-2002-SCO.5.1
Issue date: 2002 February 16
Cross reference: CSSA-2001-SCO.5
___________________________________________________________________________

1. Problem Description

        The first version of this advisory specifically mentioned a
        file that was, indeed, readable by others and contained the
        encrypted root password, but the directories leading up to it
        were not searchable. Therefore, it was not a true
        vulnerability. After some research, Caldera has discovered
        files that are accessible to others that do contain
        information that might be used to compromise the system's
        security.
        
        After installation of the product, several files are left
        readable by all users. These files contain, among other
        things, encrypted passwords.

2. Vulnerable Supported Versions

        Operating System Version Affected Files
        ------------------------------------------------------------------
        UnixWare 7 All /usr/ns-home/admserv/admpw
                                                /usr/internet/httpd/admserv/admpw
        Open UNIX 8.0.0 /usr/ns-home/admserv/admpw
                                                /usr/internet/httpd/admserv/admpw
                                                /var/sadm/pkg/update800/install/morepkgs/scripts/debug.out
        OpenServer All /var/opt/K/SCO/link/*/.softmgmt/ccsPersistent/cqs.save.file
                                                /var/opt/K/SCO/Vidconf/*/.softmgmt/ccsPersistent/iqm_file

3. Solution

        3.1 UnixWare 7

                Caldera recommends that all affected systems change
                the file modes of the following files to be readable
                only by root:

                # chmod 400 /usr/ns-home/admserv/admpw
                # chmod 400 /usr/internet/httpd/admserv/admpw

                In addition, Caldera also recommends that you change
                the root and owner passwords.

        3.2 Open UNIX

                Caldera recommends that all affected systems change
                the file modes of the following files to be readable
                only by root:

                # chmod 400 /usr/ns-home/admserv/admpw
                # chmod 400 /usr/internet/httpd/admserv/admpw
                # chmod 400 /var/sadm/pkg/update800/install/morepkgs/scripts/debug.out

                In addition, Caldera also recommends that you change
                the root and owner passwords.

        3.3 OpenServer

                Caldera recommends that all affected systems change
                the file modes of the following files to be readable
                only by root:

                # chmod 400 /var/opt/K/SCO/link/*/.softmgmt/ccsPersistent/cqs.save.file
                # chmod 400 /var/opt/K/SCO/Vidconf/*/.softmgmt/ccsPersistent/iqm_file

                In addition, Caldera also recommends that you change
                the root password.

        
4. References

        ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.5.1/

        This and other advisories are located at
                http://stage.caldera.com/support/security

        This advisory addresses Caldera Security internal incident
        sr860350.

5. Disclaimer

        Caldera International, Inc. is not responsible for the misuse
        of any of the information we provide on our website and/or
        through our security advisories. Our advisories are a service
        to our customers intended to promote secure installation and
        use of Caldera International products.

6. Acknowledgements

        Caldera wishes to thank the efforts of Derryle Gogel
        <gogeld@citifinancial.com>, who gave us the impetus to
        investigate this issue more thoroughly.

         
___________________________________________________________________________