SEP sesam security bulletins

From SEPsesam
Revision as of 16:40, 14 March 2007 by Tw (Talk | contribs)

Wrong password check in sm_passd

  • Issue date: 2007/24/01

Target platform

All SEPsesam servers and remote device servers on Linux

Description

Because of an incorrect password check in sm_passd, someone can escape from the Sesam work directory with root rights.

How to fix

  • edit <SESAM_ROOT>/var/ini/stpd.ini
  • remove root from AUTH_USERS
       [STPD_Thread]
       STPD_BUFSIZE=4
       DATA_TIMEOUT=7200
       AUTH_USERS=sms
       ...
  • restart sm_passd with sm_main reload passd
  • This procedure must be performed on all Remote Device Servers as well.
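
A check for the result of the steps above, as an added example that is not part of the original bulletin or of SEP sesam's own tooling: it reads AUTH_USERS from the [STPD_Thread] section and reports any stpd.ini that still lists root. The separator between multiple entries (comma or whitespace), the function names and the sample files are assumptions.

```shell
#!/bin/sh
# Added example: audit stpd.ini for the bulletin's fix (root removed from AUTH_USERS).
# Assumption: multiple AUTH_USERS entries are separated by commas and/or
# whitespace; the bulletin only shows the single-entry form.

# Print the AUTH_USERS value found in the [STPD_Thread] section of file $1.
stpd_auth_users() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[STPD_Thread\]/); next }
        in_sec && /^[ \t]*AUTH_USERS[ \t]*=/ { sub(/^[^=]*=/, ""); print; exit }
    ' "$1"
}

# Exit status 0 if "root" is still an entry (whole-word match), 1 if not.
stpd_root_listed() {
    stpd_auth_users "$1" | tr -d '\r' | tr ', \t' '\n\n\n' | grep -qx 'root'
}

# Audit every file given; print one line per file, return 1 if any needs the fix.
stpd_audit() {
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then echo "UNREADABLE $f"; rc=1
        elif stpd_root_listed "$f"; then echo "NEEDS-FIX  $f"; rc=1
        else echo "OK         $f"
        fi
    done
    return $rc
}

# Constructed sample files (not real SEP sesam configurations).
make_samples() {
    printf '[STPD_Thread]\nSTPD_BUFSIZE=4\nDATA_TIMEOUT=7200\nAUTH_USERS=root,sms\n' > "$1/unfixed.ini"
    printf '[STPD_Thread]\nSTPD_BUFSIZE=4\nDATA_TIMEOUT=7200\nAUTH_USERS=sms\n' > "$1/fixed.ini"
    # root appears only as a substring and in an unrelated (hypothetical) section
    printf '[Other]\nAUTH_USERS=root\n[STPD_Thread]\nAUTH_USERS=sms rootbackup\n' > "$1/lookalike.ini"
}

tmp=$(mktemp -d)
make_samples "$tmp"
stpd_audit "$tmp"/*.ini || echo "at least one file still lists root"
rm -rf "$tmp"
```

On a real server, call stpd_audit with <SESAM_ROOT>/var/ini/stpd.ini on the SEPsesam server and on each Remote Device Server, before restarting sm_passd.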