Inlook Insecure Default Permissions

2004-01-30T08:17:44
ID OSVDB:3771
Type osvdb
Reporter OSVDB
Modified 2004-01-30T08:17:44

Description

Vulnerability Description

Inlook contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when "~/.inlook/.crypt" is created with insecure default permissions, allowing anyone to read the content. This flaw may lead to a loss of confidentiality, integrity and/or availability.

Technical Description

Inlook 0.7.3 uses chmod 644 by default on ~/.inlook/.crypt, allowing anyone to read the content.
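
An added check, not part of the original advisory or of Inlook's code: it audits a home directory for the condition described above and goes one step further by testing whether group or other users can actually reach the file through the directories above it. The function names, status labels and the constructed sample tree are assumptions made for this example.

```python
import os
import stat
import tempfile

# (read bit, search bit) for each permission class other than the owner
CLASSES = {"group": (stat.S_IRGRP, stat.S_IXGRP),
           "other": (stat.S_IROTH, stat.S_IXOTH)}

def audit_crypt(home):
    """Return 'absent', 'not-regular', 'ok', 'lax-mode' or 'exposed'
    for <home>/.inlook/.crypt (path taken from the advisory)."""
    inlook_dir = os.path.join(home, ".inlook")
    path = os.path.join(inlook_dir, ".crypt")
    try:
        st = os.lstat(path)              # lstat: never follow a symlink here
    except FileNotFoundError:
        return "absent"
    if not stat.S_ISREG(st.st_mode):
        return "not-regular"
    readable = [c for c, (r, _) in CLASSES.items() if st.st_mode & r]
    if not readable:
        return "ok"                      # e.g. 0600
    # A readable file is reachable only by a class that can also search
    # (execute bit) both directories above it. Simplification: directories
    # above <home> and group membership are not examined.
    dirs = (home, inlook_dir)
    reachable = [c for c in readable
                 if all(os.stat(d).st_mode & CLASSES[c][1] for d in dirs)]
    return "exposed" if reachable else "lax-mode"

def demo():
    """Run the audit against a constructed home directory (sample data)."""
    with tempfile.TemporaryDirectory() as home:
        results = [audit_crypt(home)]                # no .inlook directory yet
        inlook_dir = os.path.join(home, ".inlook")
        crypt = os.path.join(inlook_dir, ".crypt")
        os.mkdir(inlook_dir)
        with open(crypt, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(home, 0o755)
        for dir_mode, file_mode in ((0o755, 0o644), (0o700, 0o644), (0o755, 0o600)):
            os.chmod(inlook_dir, dir_mode)
            os.chmod(crypt, file_mode)
            results.append(audit_crypt(home))
        return results

if __name__ == "__main__":
    print(demo())
```

A result of "lax-mode" means the file carries the 644-style read bits but a directory above it blocks traversal; it still indicates the affected default and should be treated as a finding.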

Solution Description

Upgrade to version 0.7.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://inlooksm.sourceforge.net/
Vendor Specific Solution URL: https://sourceforge.net/project/showfiles.php?group_id=81692
Secunia Advisory ID: 10752
ISS X-Force ID: 14990
CVE-2004-2337
Bugtraq ID: 9527