[prev in list] [next in list] [prev in thread] [next in thread]
List: listar-dev
Subject: [EDev] Re: Ecardis Password Reseting Vulnerability (fwd)
From: "Chris Scott" <chris () hostorlando ! com>
Date: 2003-02-28 14:07:09
[Download RAW message or body]
The following is a workaround for this issue until you can upgrade. This works on \
FreeBSD but should work on any system that uses chflags(1). Issue the following from \
your ecartis directory:
chflags uchg lists/SITEDATA/site-passwords
This will set the user immutable flag and must be done as root. This will prevent \
the file from being changed but it can still be read. This will allow logins to lsg2 \
but users will not be able to change their password.
To change the file back, use:
chflags nouchg lists/SITEDATA/site-passwords
This brings up a small bug. The user gets the message their password was changed, \
however, it is not and the following error message is sent:
Error: Operation not permitted
-- queuefile in error --
<< NO QUEUEFILE! >>
Chris Scott
Host Orlando, Inc.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic