[hobbit] Hobbit monitor: Security issue with Hobbit 4.2-beta client

Jason Chambers Jason.Chambers at geosoft.com
Fri Jun 30 20:30:47 CEST 2006 

Can you please verify this for me. This only affects if a user is able
to login to the system, and not the services that may be installed on
the computer. (ie ftp, web)

Jason Chambers
IT Helpdesk Support
Geosoft Inc.
85 Richmond St. West - 8th Floor
Toronto, Ontario, Canada
M5H 2C9
Tel: 416-369-0111 x344
Fax: 416-369-9599
www.geosoft.com
 
 
-----Original Message-----
From: Henrik Stoerner [mailto:henrik at hswn.dk] 
Sent: June-30-06 12:47 PM
To: hobbit at hswn.dk
Cc: hobbit-announce at hswn.dk; bugtraq at securityfocus.com
Subject: [hobbit] Hobbit monitor: Security issue with Hobbit 4.2-beta
client


I was just notified by a Hobbit user that the current beta client has a
security problem in the client "logfetch" utility, when installed as
suid-root (which is the default if "make install" is executed as root).


Impact
------
The effect of this is that any user who is able to login and create
files on a system with the Hobbit client installed, can use the
"logfetch" 
utility to get read access to any file on the system.


Which versions are affected
---------------------------
This issue affects all of the pre-release (alfa-, beta- and
snapshot-versions) of the Hobbit client version 4.2 released until today
(2006-Jun-30), when the client was installed as root and
~hobbit/client/bin/logfetch is suid-root.

The 4.1.x releases of the Hobbit client does not include the "logfetch"
utility, and are therefore NOT affected by this.


Remedy
------
It is recommended that you remove the suid bit from the logfetch utility
on systems where you have installed the Hobbit 4.2-beta client package.

To do this:
     chmod 755 ~hobbit/client/bin/logfetch

Note that this may cause logfile monitoring to break, if the client does
not have read access to the monitored logfiles.

Running logfetch as suid-root will most likely be removed in the final
Hobbit 4.2 release of the client.


Regards,

Henrik Storner, the Hobbit developer


To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe at hswn.dk

More information about the Xymon mailing list