| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 3 Jul 2005 15:11:53 -0000
From: spam@...etter.org
To: bugtraq@...urityfocus.com
Subject: Re: Access right escalation / severe permission problems on
Raritan Console Servers
Hi,
the second fix FCR7787 was released @ http://www.raritan.com/support/sup_upgrades.aspx.
FCR7551 was withdrawn.
As opposed to FCR7551 FCR7787 locks the remaining account sshd (with busybox' passwd -l). In fact it does a few exec calls (2xadduser,2xdeluser,2xpasswd). It doesn't resolve the permission problems on /etc/shadow and /bin/busybox though.
Though asking politely the vendor again didn't notify me of the fix.
Cheers,
Dirk
-----
Dr. Dirk Wetter http://drwetter.org
Consulting IT-Security + Open Source
Key fingerprint = 80A2 742B 8195 969C 5FA6 6584 8B6E 59C1 E41B 9153
Powered by blists - more mailing lists