ScriptLogic sets insecure permissions on "LOGS$" share

2003-04-30T00:00:00
ID VU:813737
Type cert
Reporter CERT
Modified 2003-05-01T00:00:00

Overview

Version 4.01 of ScriptLogic contains a vulnerability in the default permissions assigned to the network share used for logging.

Description

The ScriptLogic product from ScriptLogic, Inc. provides remote system administration capabilities for Microsoft Windows systems in a domain. ScriptLogic optionally uses a network share to store logging data. A vulnerability in the default access control for the ScriptLogic logging share (usually named LOGS$, but defined by the administrator at install time) in version 4.01 (as tested by the CERT/CC) allows an end user full access to a network share into which ScriptLogic writes its log files. The ScriptLogic installation program, intended to be run on a server, creates this network share without explicitly setting restrictive share-level permissions. As a result, the Windows default permissions are applied, thereby granting the "Everyone" group full access to the share.

The CERT/CC has verified the existence of this vulnerability in version 4.01 of the ScriptLogic software. Version 4.14 of the ScriptLogic software has been tested by the CERT/CC and shown not to contain this vulnerability. The access permissions on the LOGS$ share have been limited in this version of the ScriptLogic software.
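One way to check a file server for the condition described above, as an added example that is not part of the original advisory or of ScriptLogic's software. It assumes Windows Server 2012 or later, where the SmbShare cmdlets are available; the script parameters and the list of broad principals are choices made for this illustration.

```powershell
# Added example: report SMB shares whose share-level permissions give
# broad groups write access, the condition this note describes for LOGS$.
# Assumption: Windows Server 2012+ (SmbShare module). The share name is
# chosen by the administrator at install time, so pass the real one.
param(
    [string]$ShareName = 'LOGS$',
    [switch]$AllShares
)

# Principals that include ordinary end users (list chosen for this example).
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

$shares = if ($AllShares) {
    # Skip the built-in administrative shares (ADMIN$, C$, IPC$).
    Get-SmbShare -Special $false
} else {
    Get-SmbShare -Name $ShareName -ErrorAction Stop
}

$findings = foreach ($share in $shares) {
    Get-SmbShareAccess -Name $share.Name |
        Where-Object {
            [string]$_.AccessControlType -eq 'Allow' -and
            [string]$_.AccessRight -in 'Full', 'Change' -and
            $_.AccountName -in $broad
        } |
        ForEach-Object {
            [pscustomobject]@{
                Share   = $share.Name
                Path    = $share.Path
                Account = $_.AccountName
                Right   = [string]$_.AccessRight
            }
        }
}

if ($findings) {
    # Share-level rights are only half the picture: the NTFS ACL on Path
    # also applies, and the more restrictive of the two wins.
    $findings | Format-Table -AutoSize
    exit 1
}
Write-Output 'No broad write access found on the checked share(s).'
```

A non-zero exit code means at least one checked share grants Full or Change to a broad group at the share level; review the NTFS permissions on the listed path before deciding how to restrict it.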


Impact

Any user with access to the share can modify ScriptLogic log records. Additionally, an intruder can consume disk space, introduce malicious code, or store unauthorized files on the open share.

This vulnerability, when used in conjunction with other, unrelated vulnerabilities, could allow an intruder to invoke malicious code they have stored on the open share. Consumption of excessive disk space may also interfere with or halt the ordinary operation of the system housing the LOGS$ share.

The ability to use a network share for logging is an optional feature in the ScriptLogic software. Sites that have not configured logging to a network share are not affected by this vulnerability. Sites that have chosen to log to an alternate network share with restricted access may be at reduced risk from this vulnerability, depending on their environment.


Solution

Upgrade to the latest version of the software

Version 4.14 of the ScriptLogic software has been tested by the CERT/CC and shown not to contain the vulnerability. Users of potentially vulnerable versions of the software are encouraged to upgrade to this version.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
ScriptLogic Corporation| | 21 Oct 2002| 30 Apr 2003

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.scriptlogic.com/>

Credit

This document was written by Chad R Dougherty. Technical assistance during testing was provided by Art Manion and Matt Lytle. The CERT/CC appreciates ScriptLogic, Inc.'s cooperation in providing an updated copy of the software for the purpose of vulnerability testing.

Other Information

  • CVE IDs: Unknown
  • Date Public: 30 Apr 2003
  • Date First Published: 30 Apr 2003
  • Date Last Updated: 01 May 2003
  • Severity Metric: 1.26
  • Document Revision: 29