lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20050703151153.6579.qmail@securityfocus.com>
Date: 3 Jul 2005 15:11:53 -0000
From: spam@...etter.org
To: bugtraq@...urityfocus.com
Subject: Re: Access right escalation / severe permission problems on
 Raritan Console Servers


Hi,

the second fix FCR7787 was released @ http://www.raritan.com/support/sup_upgrades.aspx.
FCR7551 was withdrawn.

As opposed to FCR7551 FCR7787 locks the remaining account sshd (with busybox' passwd -l). In fact it does a few exec calls (2xadduser,2xdeluser,2xpasswd). It doesn't resolve the permission problems on /etc/shadow and /bin/busybox though. 

Though asking politely the vendor again didn't notify me of the fix. 

Cheers,
       Dirk

-----

Dr. Dirk Wetter http://drwetter.org

Consulting IT-Security + Open Source 

Key fingerprint = 80A2 742B 8195 969C 5FA6 6584 8B6E 59C1 E41B 9153

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ