Bugtraq mailing list archives

FlagShip v4.48.7449 premission vulnerability

From: Narrow <nss () PRIVACYX COM>
Date: Thu, 10 Aug 2000 19:53:27 +0300

_________________________________________________________________________________

Content-Type: premission/vulnerability
Date        : 09/08/2000 16:05
Sender      : Narrow <nss () privacyx com>
Subject     : FlagShip v4.48.7449 premission vulnerability
X-System    : Red Hat 6.0
X-Status    : Narrow-ADV-#08
_________________________________________________________________________________

DESCRIPTION
   FlagShip is a cross-platform database development system, fully
compatible to Clipper, handles also other xBase dialects. FlagShip
is shipped with Red Hat linux 6.0 Application CD.

PROBLEM
   Several binary files are world writeable. Anyone could replace
them with a trojan and trick someone to execute the trojaned binary
files.

The binary files:
        /usr/bin/FSserial
        /usr/bin/FlagShip_c
        /usr/bin/FlagShip_p

SOLUTION
   Change the premission of the binary files to 755.

--
Narrow - nss () privacyx com - http://www.zone.ee/unix/

bash# ./win.com
Segmental fault

Current thread:

FlagShip v4.48.7449 premission vulnerability Narrow (Aug 11)