[430] in linux-security and linux-alert archive
slackware 3.0 bad hole
daemon@ATHENA.MIT.EDU (owner-linux-security@tarsier.cv.nr)
Thu Oct 26 16:01:35 1995
From: owner-linux-security@tarsier.cv.nrao.edu
Date: Tue, 24 Oct 1995 20:11:49 -0700
To: linux-security@tarsier.cv.nrao.edu
I've just finished installing slackware 3.0 from the Walnut Creek cdrom and to
my horror I saw that in ~ftp/etc the password file has root with no password:
root-/home/ftp/etc>cat passwd
root::0:0:root:/root:/bin/bash
bin:*:1:1:bin:/bin:
daemon:*:2:2:daemon:/sbin:
adm:*:3:4:adm:/var/adm:
lp:*:4:7:lp:/var/spool/lpd:
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
mail:*:8:12:mail:/var/spool/mail:
news:*:9:13:news:/var/spool/news:
uucp:*:10:14:uucp:/var/spool/uucp:
operator:*:11:0:operator:/root:/bin/bash
games:*:12:100:games:/usr/games:
man:*:13:15:man:/usr/man:
postmaster:*:14:12:postmaster:/var/spool/mail:/bin/bash
ftp:*:404:1::/home/ftp:/bin/bash
basically everyone running an ftp site on a slackware 3.0 system is at risk
They should be aware that they need to put a * as password for ftp, and that
they can remove most of the stuff in that pwd file...
May be this would be more revlevant on the alert list...
JL
B
--
------------------------------------------------------------------------------
Jean-Luc Duprat University of British Columbia
duprat@cs.ubc.ca http://www.cs.ubc.ca/spider/duprat/homepage.html
