[24067] in bugtraq
Re: tac_plus version F4.0.4.alpha on at least Solaris 8 sparc
daemon@ATHENA.MIT.EDU (Devrim SERAL)
Fri Feb 1 11:22:40 2002
Message-ID: <3C5A7559.25B26857@gantek.com>
Date: Fri, 01 Feb 2002 13:00:41 +0200
From: Devrim SERAL <devrim.seral@gantek.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=iso-8859-9
Content-Transfer-Encoding: 7bit
"Kevin A. Nassery" wrote:
>
> Software: tac_plus version F4.0.4.alpha, compiled
> on Solaris 8 sparc.
>
> Abstract:
> tac_plus version F4.0.4.alpha, an example Tacacs+ daemon released
> (but not supported) by Cisco isn't careful with its permissions when
> creating accounting files.
>
> Vulnerability:
> Any file defined with an accounting directive, in a tac_plus
> config file, is created with file permissions set at 666.
>
> Allowing any system account to modify its contents.
>
> When appending to the file, if it's not there initially, it is created.
> When it is created it is done so with file permissions set at 666.
> A simple workaround is to create a file, at the path set in the
> config file, and manually set the permissions to 600. The tac_plus
> daemon will continue to append to the file, without setting the
> permissions back to 666. I just wanted to make sure this was out there
> for people who are rotating logs, and just letting the daemon create
> new files.
>
Hi,
Our patched version of tacacs+ is not affected by this type of problem,
and I remember it was fixed 1.5 years ago.
The project is based on Cisco's free tacacs+ F4.0.3, and we aim to add
more features like DB authentication, more security, more flexible config
files and more capabilities. This project is not supported by Cisco, but
thanks to them for providing us the tacacs+ source code.
You can find our patched and enhanced version of tacacs+ at:
http://www.gazi.edu.tr/tacacs
Note that I have tested the code primarily on Linux, Solaris and FreeBSD,
and it might work on other Unixes.
devrim
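The quoted report says the accounting file is created mode 666 when the daemon appends to a path that does not yet exist. As an added example (not tac_plus code or the Gazi patch), this C program reproduces that weak creation beside the 0600 fix and the pre-create-as-0600 workaround, and includes a permission check an operator can run against an existing accounting file; it assumes a writable /tmp and sets umask 0 so the mode passed to open() is what lands on disk.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an accounting file for append, creating it with create_mode if it
 * does not exist. Returns the file's permission bits after the open, or -1. */
static int append_open_mode(const char *path, mode_t create_mode)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, create_mode);
    if (fd < 0 || fstat(fd, &st) < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    close(fd);
    return (int)(st.st_mode & 0777);
}

/* Operator check: 1 if the file is writable by group or others, 0 if not,
 * -1 if it cannot be stat'ed. */
static int acct_file_exposed(const char *path)
{
    struct stat st;
    if (stat(path, &st) < 0) return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) != 0;
}

/* Runs the cases in a fresh temp dir (umask 0 is an assumption of this demo;
 * a restrictive umask would hide the bug but is not a fix). Fills
 * out[0] = mode after weak create (0666), out[1] = mode after hardened
 * create (0600), out[2] = mode kept when the admin pre-created the file
 * 0600 and the weak daemon then appended, out[3] = exposure of the weak file. */
static int acct_mode_demo(int out[4])
{
    char dir[] = "/tmp/acct_demo_XXXXXX", weak[64], hard[64], pre[64];
    mode_t saved = umask(0);
    if (mkdtemp(dir) == NULL) { umask(saved); return -1; }
    snprintf(weak, sizeof weak, "%s/weak.log", dir);
    snprintf(hard, sizeof hard, "%s/hard.log", dir);
    snprintf(pre, sizeof pre, "%s/pre.log", dir);
    out[0] = append_open_mode(weak, 0666);  /* reported daemon behaviour */
    out[1] = append_open_mode(hard, 0600);  /* hardened daemon */
    append_open_mode(pre, 0600);            /* admin pre-creates 0600 */
    out[2] = append_open_mode(pre, 0666);   /* weak daemon appends; mode kept */
    out[3] = acct_file_exposed(weak);
    umask(saved);
    unlink(weak); unlink(hard); unlink(pre); rmdir(dir);
    return 0;
}
```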