This advisory update has been sent to:
comp.security.unix
BUGTRAQ
CERT/CC
Sun Microsystems
===========================================================================
[8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX
With reference to [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 released
yesterday, a few people have pointed out that the fix given is not
enough in all situations.
The problem is that passwd(1) is linked to chfn(1) and friends, and
yppasswd(1) is a copy of passwd(1). Therefore, yppasswd(1) also needs
to be patched. The following is now the recommended way to fix the
problem.
WORKAROUND & FIX:
1. Contact your vendor for a patch.
2. Patch the passwd binary to remove the '-F' option.
> # cd /bin
> # cp passwd passwd.old; chmod 700 passwd.old
> # adb -w - passwd
not core file = passwd
> /l 'F:'
0x68de
The above address is required in the following step:
> 0x68de/w 0
0x68de: 0x463a = 0x0
> # chmod 4711 /bin/passwd
> # /bin/passwd -F /tmp/WinnersBlues
passwd: illegal option -- F
Usage: passwd [-l|-y] [-F file] [-afs] [-d user] [-e user]
[-n numdays user] [-x numdays user] [user]
#
Repeat the adb stage, and patch yppasswd in the same way.
(replace 'passwd' by 'yppasswd')
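The check below is an added example, not part of the [8lgm] advisory: it models the adb locate ('/l') and write ('/w 0') steps on a byte buffer and reports which option letters stop being accepted once 'F:' is zeroed. It assumes the matched bytes sit in a getopt-style option string, which the advisory does not state; SAMPLE and the strings in it are constructed, not taken from any real passwd binary.

```python
# Added example: models adb "/l 'F:'" and "<addr>/w 0" on a copy of the bytes.
# SAMPLE is constructed data, not the contents of a real passwd binary.
SAMPLE = (
    b"\x7fpad\x00"
    b"lyF:afsd:e:n:x:\x00"        # assumed getopt-style option string
    b"-F: cannot open %s\x00"     # constructed second string that also holds 'F:'
)

def c_string_at(buf, offset):
    """Return (start, bytes) of the NUL-terminated string containing offset."""
    start = buf.rfind(b"\x00", 0, offset) + 1
    end = buf.find(b"\x00", offset)
    if end == -1:
        end = len(buf)
    return start, buf[start:end]

def locate(buf, pattern=b"F:"):
    """Every offset of the two-byte pattern, with the string it sits in."""
    hits, pos = [], buf.find(pattern)
    while pos != -1:
        hits.append((pos, c_string_at(buf, pos)[1]))
        pos = buf.find(pattern, pos + 1)
    return hits

def zero_word(buf, offset):
    """Like '<offset>/w 0': return a copy with two bytes at offset zeroed."""
    if buf[offset:offset + 2] != b"F:":
        raise ValueError("bytes at offset are not 'F:'; refusing to patch")
    return buf[:offset] + b"\x00\x00" + buf[offset + 2:]

def option_letters(optstring):
    """Option letters a getopt-style string accepts (':' marks an argument)."""
    return [chr(c) for c in optstring if chr(c) != ":"]

def patch_report(buf):
    """Zero the first match, as in the adb session, and report the effect."""
    hits = locate(buf)
    offset, before = hits[0]
    patched = zero_word(buf, offset)
    start = c_string_at(buf, offset)[0]
    after = c_string_at(patched, start)[1]   # string now ends at the zeroed word
    lost = [o for o in option_letters(before) if o not in option_letters(after)]
    return {"offset": offset, "matches": len(hits), "before": before,
            "after": after, "lost": lost}
```

Run the same functions over a copy of passwd and of yppasswd before writing to the installed binaries. More than one match means the address from '/l' has to be confirmed by hand, and the 'lost' list shows every option that goes away together with -F.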
Thanks to all those who pointed that out, we apologise for
the error!
FEEDBACK & CONTACT INFORMATION:
8lgm-bugs@bagpuss.demon.co.uk (To report security flaws)
8lgm-request@bagpuss.demon.co.uk (Request for [8lgm] Advisories)
8lgm@bagpuss.demon.co.uk (General enquiries)
System Administrators are encouraged to contact us for any
other information they may require about the problems described
in this advisory.
We welcome reports about which platforms this flaw does or does
not exist on.
NB: 8lgm-bugs@bagpuss.demon.co.uk is intended to be used by
people wishing to report which platforms/OS's the bugs in our
advisories are present on. Please do *not* send information on
other bugs to this address - report them to your vendor and/or
comp.security.unix instead.
===========================================================================