Bugtraq mailing list archives
RE: Astaro Security Linux Improper File Permissions Flaw
From: "Markus Hennig" <mhennig () astaro com>
Date: Tue, 12 Feb 2002 15:55:03 +0100
We fixed the issues in Up2Date 2.022, which is available on our Up2Date servers already. http://www.astaro.org/cgi/ultimatebb.cgi?ubb=get_topic&f=1&t=000093 All Astaro users please note, that none of the wrong permissions are usable for an exploit to gain root privileges and none of them contain any remote vulnerabilities. Kind regards, Markus Hennig Welcome at CeBit 2002 in hall 16, stand B33. Please visit our User Bulletin Board http://www.astaro.org ! In God we Trust, all others please submit signed PGP/X.509 key Markus Hennig <mhennig () astaro com> | Product Development Astaro AG | http://www.astaro.com | +49-721-490069-0 | Fax -55
-----Original Message----- From: dendler () idefense com [mailto:dendler () idefense com] Sent: Tuesday, February 12, 2002 3:47 PM To: bugtraq () securityfocus com; vulnwatch () vulnwatch org Cc: Markus Hennig Subject: Astaro Security Linux Improper File Permissions Flaw iDEFENSE Intelligence Operations discovered security issues in improper file and directory permissions during an audit of Astaro AG's Astaro Linux. Astaro Linux designates a number of files and directories as world writeable that should probably not be. This, combined with other more serious flaws, could potentially result in system compromise or denial of service. Astaro AG bills its Linux packages as "Security Linux." Analysis: World writeable files and directories are dangerous because any user on the system, even one running in a restricted account such as "nobody" can access the files, write to them, and potentially delete them. World writeable directories can be especially dangerous when they are used to store files covertly. Any directories and files contained within the world writeable directory can potentially be modified. Several sensitive configuration files and directories are world writeable, meaning an attacker with any level of access to the root file system could cause damage or subvert the services/applications relying on those files. The following files are world writeable: * /etc/protocols * /etc/ssh/ssh_host_dsa_key.pub * /etc/ssh/ssh_host_key.pub It is unknown whether or not the following files need to be world writeable for the system to function properly, but it appears safe to remove the world writeable attribute: * /etc/up2date/latest_md5sum * /wtc/wfe/conf/console * /wtc/wfe/conf/nameserver * /wtc/wfe/conf/netzkartendata * /var/log/account/timestamp Astaro Linux also contains a number of world writeable directories: * /var * /etc/up2date/lib1 * /etc/up2date/lib2 In general, the /var directory should not be world writeable on any *nix system since by filling up the associated partition, an attacker may prevent log files from being written to hide his activity. Detection: Finding world writeable files and directories is easy, simply use the "find" command: find / -type d -perm +002 find / -type f -perm +002 These commands will list all world writeable directories and files respectively. Some of the directories, such as /tmp, are meant to be world writeable, and leaving them as such is relatively safe. Workaround: Removing the world writeable bit on the files can be accomplished using chmod: chmod o-w filename This will work for both files and directories. Vendor Response: Markus Hennig of Astaro <mhennig () astaro com> promptly confirmed the incorrect file permissions and worked with us responsibly to resolve these issues. The latest Up2Date 2.022 fixes the file permissions, which is now currently available on Astaro Up2Date servers. -dave David Endler, CISSP Director, iDEFENSE Labs 14151 Newbrook Drive Suite 100 Chantilly, VA 20151 voice: 703-344-2632 fax: 703-961-1071 dendler () idefense com www.idefense.com
Current thread:
- RE: Astaro Security Linux Improper File Permissions Flaw Markus Hennig (Feb 13)
- <Possible follow-ups>
- Astaro Security Linux Improper File Permissions Flaw dendler (Feb 13)