Full Disclosure mailing list archives
Re: Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions
From: Valdis.Kletnieks () vt edu
Date: Wed, 18 Oct 2006 15:08:30 -0400
On Wed, 18 Oct 2006 17:38:53 +0200, Secunia Research said:
The problem is that Lotus Notes sets insecure default permissions (grants "Everyone" group "Full Control") on the "notes" directory and all child objects. This can be exploited to remove, manipulate, and replace any of the application's files.
Well... Yeah. *duh*. If you want to *collaborate* on stuff, the software has to be set up so that the collaborating group can still make progress, even if the actual file owner is a PHB with the IQ of a dill pickle. :)
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions Secunia Research (Oct 18)
- Re: Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions Valdis . Kletnieks (Oct 18)