[39405] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Access right escalation / severe permission problems on

daemon@ATHENA.MIT.EDU (spam@drwetter.org)
Mon Jul 4 17:29:26 2005

Date: 3 Jul 2005 15:11:53 -0000
Message-ID: <20050703151153.6579.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: spam@drwetter.org
To: bugtraq@securityfocus.com

Hi,

the second fix FCR7787 was released @ http://www.raritan.com/support/sup_upgrades.aspx.
FCR7551 was withdrawn.

As opposed to FCR7551 FCR7787 locks the remaining account sshd (with busybox' passwd -l). In fact it does a few exec calls (2xadduser,2xdeluser,2xpasswd). It doesn't resolve the permission problems on /etc/shadow and /bin/busybox though. 

Though asking politely the vendor again didn't notify me of the fix. 

Cheers,
       Dirk

-----

Dr. Dirk Wetter http://drwetter.org

Consulting IT-Security + Open Source 

Key fingerprint = 80A2 742B 8195 969C 5FA6 6584 8B6E 59C1 E41B 9153


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[39405] in bugtraq

Re: Access right escalation / severe permission problems on

daemon@ATHENA.MIT.EDU (spam@drwetter.org)Mon Jul 4 17:29:26 2005

daemon@ATHENA.MIT.EDU (spam@drwetter.org)
Mon Jul 4 17:29:26 2005