Bugtraq mailing list archives
Multiple Vendor ARCAD permission problems
From: btellier () USA NET (Brock Tellier)
Date: Wed, 29 Sep 1999 20:30:01 MDT
Greetings, The Linux ARCAD package (at least arcad-0.078-5) from ARCAD Systemhaus unpacks with insecure file permissions. By default, all directories, binaries and scripts are mode 777 and all non-executables are mode 666. This, of course, opens up the possibility of a trojan horse attack if a malicious user modifies these binaries and scripts. The fix, of course, is to configure secure file modes. 755 for directories, binaries and scripts and 644 for non-executables. Brock Tellier UNIX Systems Administrator ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1
Current thread:
- Linux GNOME exploit Brock Tellier (Sep 23)
- Re: Linux GNOME exploit Alan Cox (Sep 27)
- Re: Linux GNOME exploit Brock Tellier (Sep 27)
- Re: Linux GNOME exploit Matt Wilson (Sep 27)
- Re: Linux GNOME exploit Ron DuFresne (Sep 29)
- Re: Linux GNOME exploit Slackware Security Team (Sep 29)
- Multiple Vendor ARCAD permission problems Brock Tellier (Sep 29)
- Re: Linux GNOME exploit Chmouel Boudjnah (Sep 27)
- <Possible follow-ups>
- Re: Linux GNOME exploit Elliot Lee (Sep 27)
- Re: Linux GNOME exploit Adam Sampson (Sep 28)
- Re: Linux GNOME exploit Thomas Biege (Sep 28)