Snort mailing list archives
SnortCenter Temporary File Access Control Bug
From: Security Admin <SecurityAdmin () hyprotech com>
Date: Thu, 7 Nov 2002 12:40:04 -0700
A temporary file vulnerability was reported in SnortCenter, a tool for managing Snort sensors. A local user could view Snort configuration files. It is reported that SnortCenter creates temporary files with 777 permissions (world readable). A local user can read the temporary files to view sensor configuration information. According to the report, this includes usernames, passwords, and addresses of the alert database servers. Impact: A local user could view Snort sensor configuration files, including usernames, passwords, and addresses of the alert database servers. Solution: The vendor has released a fixed version (0.9.6), available at: http://users.pandora.be/larc/download/ The full alert and info can be seen here... http://www.securitytracker.com/alerts/2002/Nov/1005542.html <http://www.securitytracker.com/alerts/2002/Nov/1005542.html>
Current thread:
- SnortCenter Temporary File Access Control Bug Security Admin (Nov 07)