[16199] in bugtraq
FlagShip v4.48.7449 permission vulnerability
daemon@ATHENA.MIT.EDU (Narrow)
Fri Aug 11 23:01:25 2000
Message-Id: PrivacyX-102235750-23760
Date: Thu, 10 Aug 2000 19:53:27 +0300
Reply-To: Narrow <nss@PRIVACYX.COM>
From: Narrow <nss@PRIVACYX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
_________________________________________________________________________________
Content-Type: permission/vulnerability
Date : 09/08/2000 16:05
Sender : Narrow <nss@privacyx.com>
Subject : FlagShip v4.48.7449 permission vulnerability
X-System : Red Hat 6.0
X-Status : Narrow-ADV-#08
_________________________________________________________________________________
DESCRIPTION
FlagShip is a cross-platform database development system that is fully
compatible with Clipper and also handles other xBase dialects. FlagShip
is shipped on the Red Hat Linux 6.0 Application CD.
PROBLEM
Several binary files are world-writable. Anyone could replace
them with a trojan and trick someone into executing the trojaned binary
files.
The binary files:
/usr/bin/FSserial
/usr/bin/FlagShip_c
/usr/bin/FlagShip_p
SOLUTION
Change the permissions of the binary files to 755.
--
Narrow - nss@privacyx.com - http://www.zone.ee/unix/
bash# ./win.com
Segmental fault
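
Added example (not part of the original advisory): a small POSIX shell audit that checks the three files listed under PROBLEM for the world-write bit and applies the fix from SOLUTION. The function names and the FLAGSHIP_BINS variable are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example; function and variable names are assumptions, not FlagShip's.

# Paths taken from the advisory; pass other paths as arguments to override.
FLAGSHIP_BINS="/usr/bin/FSserial /usr/bin/FlagShip_c /usr/bin/FlagShip_p"

# Print each regular file among the arguments that is world-writable.
# Returns 1 if at least one was found, 0 otherwise.
list_world_writable() {
    [ "$#" -gt 0 ] || set -- $FLAGSHIP_BINS
    found=0
    for f in "$@"; do
        # Skip missing paths and symlinks (chmod would follow the link).
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # -perm -0002 matches when the "other" write bit is set,
        # whatever the remaining mode bits are.
        if [ -n "$(find "$f" -prune -type f -perm -0002 -print)" ]; then
            printf '%s\n' "$f"
            found=1
        fi
    done
    return "$found"
}

# Apply the advisory's fix (mode 755) to every file the audit reports.
fix_world_writable() {
    list_world_writable "$@" | while IFS= read -r f; do
        chmod 755 "$f" && printf 'fixed: %s\n' "$f"
    done
}

# Usage after sourcing this file:
#   list_world_writable    # audit the advisory's three paths
#   fix_world_writable     # chmod 755 those that are world-writable
```

Resetting the mode does not show whether a file was altered while it was writable, so compare the binaries against a known-good copy from the installation media before trusting them.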