[12069] in bugtraq

Multiple Vendor ARCAD permission problems

daemon@ATHENA.MIT.EDU (Brock Tellier)
Thu Sep 30 14:26:29 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Message-Id:  <19990930023001.18412.qmail@nwcst282.netaddress.usa.net>
Date:         Wed, 29 Sep 1999 20:30:01 MDT
Reply-To: Brock Tellier <btellier@USA.NET>
From: Brock Tellier <btellier@USA.NET>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit

Greetings,

The Linux ARCAD package (at least arcad-0.078-5) from ARCAD Systemhaus unpacks
with insecure file permissions.  By default, all directories, binaries and
scripts are mode 777 and all non-executables are mode 666.  This, of course,
opens up the possibility of a trojan horse attack if a malicious user modifies
these binaries and scripts.

The fix, of course, is to configure secure file modes: 755 for directories,
binaries and scripts and 644 for non-executables.

Brock Tellier
UNIX Systems Administrator
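
The audit and mode repair described above, as an added example that is not part of the original post. The ARCAD install directory is not given in the post, so it is passed as an argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and repair the file modes named in the advisory.
# Assumption: the install directory is supplied as $1 (not stated in the post).

# List every entry under $1 that group or other can write to.
# Symlinks are skipped: their own mode bits are not what access is checked on.
audit_writable() {
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print
}

# Apply the advisory's modes: 755 for directories and for regular files that
# carry any execute bit, 644 for all other regular files.
# -type f never follows symlinks, so a planted link cannot redirect chmod.
fix_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec chmod 755 {} +
    find "$1" -type f ! \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec chmod 644 {} +
}

# Stand-alone use: report only; pass "fix" as the second argument to repair.
if [ -n "${1:-}" ]; then
    audit_writable "$1"
    if [ "${2:-}" = fix ]; then
        fix_modes "$1"
    fi
fi
```

Repairing the modes does not undo changes made while the tree was writable, so compare the files against a known-good copy of the package as well. Numeric chmod also clears setuid/setgid bits on regular files; check for such files before running the fix.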
