AOH :: SCO :: SCO5130.HTM

AOH :: SCO :: SCO5130.HTM
webtop bad suid gives local root

25th Feb 2002 [SBWID-5130]

COMMAND

	webtop bad suid gives local root

SYSTEMS AFFECTED

	UnixWare 7, Open UNIX 8

PROBLEM

	\'jggm\' [JeGalGhongMyeung] found :
	

	The setuid scripts in the webtop  product  may  be  used  to  gain  root
	privileges.
	

	

SOLUTION

	 Patch :

	 =====

	

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.6/

	

	 Workaround :

	 ==========

	

	If  the  webtop  functionality  is  not  needed,   remove   the   setuid
	permissions from the scripts:
	

	# chmod -s /opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi

	# chmod -s /opt/webtop/bin/i3un0212/cgi-bin/admin/service_action.cgi

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.