Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [ Hackerslab bug_paper ] Informix-SQL application vulnerability

From: "Gary L. Burnore" <gburnore () netbasix net>
Date: Tue, 04 Sep 2001 13:21:00 -0400
At 09:18 09/04/2001, you wrote:
>==============================================================================
>
>        [ Hackerslab bug_paper ] Informix-SQL application vulnerability
>
>==============================================================================
>
>File   : Informix-SQL application
>
>SYSTEM : Systems running Informix
>
>INFO :
>
>There is a vulneribility in informix-SQL application which allows local
>users to create any file with root privilege:
>
>PART 1 :
>$ id
>uid=500 (informix) gid=120 (informix) groups=1000(loveyou)
>$ umask 0000

WHY would anyone set the umask to 0000? Also, per informix documentatrion,
the user informix should not belong to any other groups and no other users
should be in the informix group.


>$ cd ~informix/bin (Informix HOME Directory)
>$ ./onshowaudit
>INFORMIX-SQL Version 7.31.UC5

onshowaudit must be run by the AAO user unless you've misconfigured
INFORMIX. Since you've already ignored the group restrictions, no doubt
that's the case.

Tried the rest. Can't get it to set rwxrwxrwx on any /tmp file, even with
setting umask to 0000, althought that does allow files to be created
rw-rw-rw which isn't good (and why you shouldn't SET umask to 0000.



--
gburnore () netbasix net
Previous By Date Next
Previous By Thread Next

Current thread: