
List:       listar-dev
Subject:    [EDev] Re: Ecardis Password Reseting Vulnerability (fwd)
From:       "Chris Scott" <chris () hostorlando ! com>
Date:       2003-02-28 14:07:09

The following is a workaround for this issue until you can upgrade.  This works on
FreeBSD but should work on any system that uses chflags(1).  Issue the following from
your ecartis directory:

chflags uchg lists/SITEDATA/site-passwords

This will set the user immutable flag and must be done as root.  This will prevent
the file from being changed but it can still be read.  This will allow logins to lsg2
but users will not be able to change their password.

To change the file back, use:

chflags nouchg lists/SITEDATA/site-passwords


This brings up a small bug.  The user gets the message that their password was changed;
however, it is not, and the following error message is sent:

  Error: Operation not permitted 
-- queuefile in error -- 
<< NO QUEUEFILE! >> 

Chris Scott
Host Orlando, Inc.
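
Added example, not part of the original message: a check that the workaround above is in effect, using the flags column that ls -lo prints on FreeBSD. The sample ls lines and the function names has_uchg and check_workaround are constructed for illustration; the file path is the one given in the message.

```shell
#!/bin/sh
# Verify the chflags(1) workaround. Run as root from the ecartis directory.
PWFILE="lists/SITEDATA/site-passwords"

# Constructed `ls -lo` lines (owner, size and date are made up):
# flags are the 5th column, "-" means no flags are set.
SAMPLE_SET='-rw-------  1 ecartis  ecartis  uchg 512 Feb 28 14:07 site-passwords'
SAMPLE_CLEAR='-rw-------  1 ecartis  ecartis  - 512 Feb 28 14:07 site-passwords'

# has_uchg LINE: succeed if the flags column of one `ls -lo` line
# contains the user immutable flag. Flags are comma-separated, so
# match whole entries only ("schg" alone must not count).
has_uchg() {
    flags=$(printf '%s\n' "$1" | awk '{print $5}')
    case ",$flags," in
        *,uchg,*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_workaround FILE: confirm the flag is set, the file can still
# be read, and opening it for writing is refused.
check_workaround() {
    line=$(ls -lo "$1") || return 2
    has_uchg "$line" || { echo "uchg not set on $1" >&2; return 1; }
    [ -r "$1" ] || { echo "$1 is not readable" >&2; return 1; }
    # Open for append without writing any data; this must fail
    # (Operation not permitted) while the flag is set, even for root.
    if ( : >>"$1" ) 2>/dev/null; then
        echo "$1 is still writable" >&2
        return 1
    fi
    echo "ok: $1 is readable and immutable"
}

# Only run the live check where chflags and the file actually exist.
if [ -f "$PWFILE" ] && command -v chflags >/dev/null 2>&1; then
    check_workaround "$PWFILE"
fi
```

After chflags nouchg the same check reports "uchg not set", which is a quick way to confirm the file was returned to normal after upgrading.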

