Bugtraq mailing list archives

Multiple Vendor ARCAD permission problems


From: btellier () USA NET (Brock Tellier)
Date: Wed, 29 Sep 1999 20:30:01 MDT


Greetings,

The Linux ARCAD package (at least arcad-0.078-5) from ARCAD Systemhaus unpacks
with insecure file permissions.  By default, all directories, binaries and
scripts are mode 777 and all non-executables are mode 666.  This, of course,
opens up the possibility of a trojan horse attack if a malicious user modifies
these binaries and scripts.

The fix, of course, is to configure secure file modes: 755 for directories,
binaries and scripts and 644 for non-executables.

Brock Tellier
UNIX Systems Administrator
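
The audit and fix described in the post, as an added example that is not part of the original message or of the ARCAD package. It assumes the install root is passed as an argument, since the post gives no path, and the sample tree names (pkg, bin/start.sh, defaults.cfg) are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory. Directory names below are constructed.

# Print every directory or regular file under "$1" that is world-writable.
audit_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -0002 -print
}

# Apply the modes the advisory recommends under "$1":
# 755 for directories and anything executable, 644 for everything else.
# find's -type tests do not match symlinks, so chmod never follows a link
# out of the tree.
fix_modes() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec chmod 755 {} +
    find "$1" -type f ! -perm -0100 ! -perm -0010 ! -perm -0001 \
        -exec chmod 644 {} +
}

# Build a constructed tree with the permissions the advisory describes
# (777 on directories and scripts, 666 on data files); prints its path.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pkg/bin"
    printf '#!/bin/sh\necho run\n' > "$root/pkg/bin/start.sh"
    printf 'setting=1\n' > "$root/pkg/defaults.cfg"
    chmod 777 "$root/pkg" "$root/pkg/bin" "$root/pkg/bin/start.sh"
    chmod 666 "$root/pkg/defaults.cfg"
    printf '%s\n' "$root/pkg"
}

# Usage: sh fixmodes.sh /path/to/install/root
if [ "$#" -eq 1 ]; then
    echo "World-writable before fix:"; audit_world_writable "$1"
    fix_modes "$1"
    echo "World-writable after fix:"; audit_world_writable "$1"
fi
```

Run the audit function on its own first to see what would change; the fix only touches modes, not ownership.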
