COMMAND

    control-panel/usercfg/pythonlib

SYSTEMS AFFECTED

    Linux RedHat

PROBLEM

    First, here is some background info:

    [root@matador /etc]# rpm -qi control-panel
    Name        : control-panel               Distribution: Red Hat Linux Vanderbilt
    Version     : 2.6                               Vendor: Red Hat Software
    Release     : 1                             Build Date: Tue Dec 10 21:41:45 1996
    Install date: Thu Apr 10 22:46:42 1997      Build Host: porky.redhat.com
    Group       : Utilities/System              Source RPM: control-panel-2.6-1.src.rpm
    Size        : 178835
    Summary     : Red Hat Control Panel

    [root@matador /etc]# rpm -qi shadow-utils
    Name        : shadow-utils                Distribution: Red Hat Linux Colgate
    Version     : 960530                            Vendor: Red Hat Software
    Release     : 6                             Build Date: Thu Sep 05 23:47:04 1996
    Install date: Thu Jun 05 10:24:43 1997      Build Host: porky.redhat.com
    Group       : Utilities/System              Source RPM: shadow-utils-960530-6.src.rpm
    Size        : 74466
    Summary     : Shadow password file utilities for Linux

    [root@matador /etc]# cat /etc/redhat-release
    release 4.1 (Vanderbilt)

    And the bug:

    [root@matador /etc]# ls -l /etc/shadow
    -rw-------   1 root     root          693 Jun 10 11:19 /etc/shadow

    Now if you start X, run user and group configuration in
    control-panel, change some data, then save and quit, you'll have:

    [root@matador /etc]# ls -l shadow
    -rw-r--r--   1 root     root          693 Jun 10 11:19 shadow

    This was found by Krzysztof G. Baranowski.

SOLUTION

    If you're using pythonlib-1.12-1, you're vulnerable (usercfg,
    actually).  If you're running pythonlib-1.13-1, everything's OK.
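
    Added example (not part of the original advisory and not Red Hat's
    code): a Python check for the symptom shown under PROBLEM, a shadow
    file carrying group or other permission bits, with an option to
    strip them. The names audit_mode, LOOSE_BITS and demo, and the
    temporary file that stands in for /etc/shadow, are assumptions made
    for illustration.

```python
import os
import stat
import tempfile

SHADOW_PATH = "/etc/shadow"                 # file shown in the advisory
LOOSE_BITS = stat.S_IRWXG | stat.S_IRWXO    # any group/other access is too much


def audit_mode(path, fix=False):
    """Return (before, after, exposed) for the permission bits of path.

    The file is opened once with O_NOFOLLOW and inspected/changed through the
    descriptor, so the check and the chmod act on the same inode.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("%s is not a regular file" % path)
        before = stat.S_IMODE(st.st_mode)
        exposed = bool(before & LOOSE_BITS)
        after = before
        if exposed and fix:
            after = before & ~LOOSE_BITS    # keep owner bits, drop the rest
            os.fchmod(fd, after)
        return before, after, exposed
    finally:
        os.close(fd)


def demo():
    """Replay the advisory's before/after listings on a constructed temp file."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o600)               # -rw------- as in the first ls -l
        clean = audit_mode(path)
        os.chmod(path, 0o644)               # -rw-r--r-- as seen after saving
        found = audit_mode(path)
        fixed = audit_mode(path, fix=True)
        return clean, found, fixed
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for before, after, exposed in demo():
        print("%04o -> %04o exposed=%s" % (before, after, exposed))
```

    Run as root, audit_mode(SHADOW_PATH) reports whether the file has
    been left readable after a save; passing fix=True restores an
    owner-only mode.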