OK gentlemen, I got tired of waiting for Sun to come up with a patch for the infamous vulnerability in /usr/lib/authenticate, and here are my recommendations:
1. Get the RPM that contains the source for the program in question:

    wget ftp://ftp-eng.cobalt.com/pub/unsupported/raq4/srpms/apache-1.3.20-RaQ4_1C1experimental.src.rpm

   (it is an outdated RPM but never mind, we'll only use one program from it that probably did not change)

2. Unpack the source:

    rpm -ihv apache-1.3.20-RaQ4_1C1experimental.src.rpm

3. Go to the source directory:

    cd /usr/src/redhat/BUILD/apache/mod_auth_pam_external-1.0a/authenticate

4. Remove the "-pg" compiler option from the Makefile:

--- Makefile.orig Thu Jul 12 03:43:33 2001 +++ Makefile Wed Sep 25 13:34:52 2002 @@ -6,7 +6,7 @@ # LOCALFLAGS= compiler flags. Usually -g, -O, and stuff like that. CC=gcc -LOCALFLAGS= -g -I/usr/include -pg +LOCALFLAGS= -g -I/usr/include LIB=-lpam -ldl # -------------------- No User Servicable Parts Below -----------------------

5. Build the binary:

    make

6. Replace the vulnerable binary with the newly built one:

    # (run as root)
    mv /usr/lib/authenticate /usr/lib/authenticate.orig
    chmod -s /usr/lib/authenticate.orig
    cp authenticate /usr/lib/
    chmod u+s /usr/lib/authenticate

7. Verify the exploit no longer works

Michael, do you think you might build a package like you recently did for mod_ssl?

Eugene
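Review bot: the LOCALFLAGS line drops -pg with no comment saying why, while the header comment just above it still invites "-g, -O, and stuff like that", so a later rebuild could quietly put profiling back. Because step 6 installs the result with chmod u+s, add a line beside LOCALFLAGS stating that -pg must never be used for this binary (a gprof-instrumented program writes gmon.out into its working directory when it exits). The remaining -g is harmless at run time but is not needed in the installed copy.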
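An added check for steps 4 to 7 above; it is not part of the original message or of Cobalt's code. It assumes binutils nm is installed and that a gcc -pg build is recognisable by references to the gprof runtime hooks mcount, __monstartup or _mcleanup; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): post-install audit for steps 4-7.

# Reads `nm` output on stdin; succeeds if gprof runtime hooks are referenced.
# __gmon_start__ is ignored on purpose: it is a weak symbol in most
# glibc-linked binaries whether or not -pg was used.
has_gprof_symbols() {
    grep -Eq '(^|[[:space:]])(_?mcount|__monstartup|_mcleanup)(@|$)'
}

# audit_helper BIN: 0 = clean, 1 = finding, 2 = could not inspect.
audit_helper() {
    bin=$1
    [ -f "$bin" ] || { echo "cannot inspect: $bin not found"; return 2; }
    # Stripped binaries only keep dynamic symbols, so collect both tables.
    syms=$(nm "$bin" 2>/dev/null; nm -D "$bin" 2>/dev/null)
    [ -n "$syms" ] || { echo "cannot inspect: nm printed no symbols for $bin"; return 2; }
    rc=0
    if printf '%s\n' "$syms" | has_gprof_symbols; then
        echo "FAIL: $bin still references gprof hooks (built with -pg)"
        rc=1
    fi
    # The replaced copy must not stay setuid next to the rebuilt one.
    if [ -u "$bin.orig" ]; then
        echo "FAIL: $bin.orig still has the setuid bit"
        rc=1
    fi
    [ "$rc" -ne 0 ] || echo "ok: $bin has no gprof hooks, no setuid .orig copy"
    return "$rc"
}

# Usage: sh audit.sh /usr/lib/authenticate
if [ "$#" -gt 0 ]; then
    audit_helper "$1"
fi
```

Run it against both the rebuilt binary and authenticate.orig: the original should report the gprof hooks, the replacement should not.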
