Bugtraq mailing list archives

RE: Astaro Security Linux Improper File Permissions Flaw


From: "Markus Hennig" <mhennig () astaro com>
Date: Tue, 12 Feb 2002 15:55:03 +0100


We fixed the issues in Up2Date 2.022, 
which is available on our Up2Date servers already.
http://www.astaro.org/cgi/ultimatebb.cgi?ubb=get_topic&f=1&t=000093

All Astaro users, please note that none of the wrong permissions 
are usable for an exploit to gain root privileges and none of 
them contain any remote vulnerabilities.

Kind regards,
Markus Hennig


Welcome at CeBit 2002 in hall 16, stand B33.

Please visit our User Bulletin Board http://www.astaro.org !
In God we Trust, all others please submit signed PGP/X.509 key
Markus Hennig   <mhennig () astaro com> | Product Development
Astaro AG | http://www.astaro.com | +49-721-490069-0 | Fax -55



-----Original Message-----
From: dendler () idefense com [mailto:dendler () idefense com]
Sent: Tuesday, February 12, 2002 3:47 PM
To: bugtraq () securityfocus com; vulnwatch () vulnwatch org
Cc: Markus Hennig
Subject: Astaro Security Linux Improper File Permissions Flaw


iDEFENSE Intelligence Operations discovered security 
issues in improper file and directory permissions 
during an audit of Astaro AG's Astaro Linux. Astaro 
Linux designates a number of files and directories as 
world writeable that should probably not be. This, 
combined with other more serious flaws, could 
potentially result in system compromise or denial of 
service. 

Astaro AG bills its Linux packages as "Security Linux." 

  
Analysis: World writeable files and directories are 
dangerous because any user on the system, even one 
running in a restricted account such as "nobody" can 
access the files, write to them, and potentially delete 
them. World writeable directories can be especially 
dangerous when they are used to store files covertly. 
Any directories and files contained within the world 
writeable directory can potentially be modified. 

Several sensitive configuration files and directories 
are world writeable, meaning an attacker with any level 
of access to the root file system could cause damage or 
subvert the services/applications relying on those 
files. 

The following files are world writeable: 
* /etc/protocols 
* /etc/ssh/ssh_host_dsa_key.pub 
* /etc/ssh/ssh_host_key.pub 

It is unknown whether or not the following files need 
to be world writeable for the system to function 
properly, but it appears safe to remove the world 
writeable attribute: 

* /etc/up2date/latest_md5sum 
* /wtc/wfe/conf/console 
* /wtc/wfe/conf/nameserver 
* /wtc/wfe/conf/netzkartendata 
* /var/log/account/timestamp 

Astaro Linux also contains a number of world writeable 
directories: 
* /var 
* /etc/up2date/lib1 
* /etc/up2date/lib2 

In general, the /var directory should not be world 
writeable on any *nix system since by filling up the 
associated partition, an attacker may prevent log files 
from being written to hide his activity.

Detection: Finding world writeable files and 
directories is easy; simply use the "find" command: 

find / -type d -perm -002 
find / -type f -perm -002 

These commands will list all world writeable 
directories and files respectively. Some of the 
directories, such as /tmp, are meant to be world 
writeable, and leaving them as such is relatively safe. 

Workaround: Removing the world writeable bit on the 
files can be accomplished using chmod: 

chmod o-w filename 

This will work for both files and directories.  

Vendor Response: Markus Hennig of Astaro 
<mhennig () astaro com> promptly confirmed the incorrect 
file permissions and worked with us responsibly to 
resolve these issues.  The latest Up2Date 2.022 fixes 
the file permissions and is now available 
on Astaro Up2Date servers.


-dave

David Endler, CISSP
Director, iDEFENSE Labs
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071

dendler () idefense com
www.idefense.com
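
The detection and workaround steps from the advisory above, combined into one audit script. This is an added example, not part of the original post or of Astaro's fix; the function names are hypothetical. It goes slightly beyond the advisory by reporting sticky-bit directories (the /tmp case it mentions) separately and leaving them untouched when fixing.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.
# Output lines are "KIND PATH":
#   F = world-writable regular file
#   D = world-writable directory WITHOUT the sticky bit
#       (any user can delete or replace entries in it)
#   S = world-writable directory WITH the sticky bit (the /tmp case)
# Paths containing newlines are not handled.

list_world_writable() {
    root=$1
    # -xdev keeps find on one filesystem (skips /proc, /sys, remote mounts).
    # -perm -002 matches entries whose other-write bit is set.
    # -type f / -type d never match symlinks, so link targets are not reported twice.
    find "$root" -xdev -type f -perm -002 -exec printf 'F %s\n' {} +
    find "$root" -xdev -type d -perm -002 ! -perm -1000 -exec printf 'D %s\n' {} +
    find "$root" -xdev -type d -perm -1002 -exec printf 'S %s\n' {} +
}

# Apply the advisory's "chmod o-w" to F and D entries only;
# sticky world-writable directories are left as they are.
fix_world_writable() {
    root=$1
    find "$root" -xdev \( -type f -o -type d ! -perm -1000 \) -perm -002 \
        -exec chmod o-w {} +
}

# Stand-alone use: sh audit.sh /etc
# This only lists; fix_world_writable must be called explicitly.
if [ "$#" -gt 0 ]; then
    list_world_writable "$1"
fi
```

Review the F and D lines before running the fix on a live system, since some services may expect a writable path.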