InoculateIT Linux Insecure Directory Permissions

2004-02-19T07:08:45
ID OSVDB:3896
Type osvdb
Reporter l0om(l0om@excluded.org)
Modified 2004-02-19T07:08:45

Description

Vulnerability Description

eTrust InoculateIT contains a flaw that may allow a local user to modify files or obtain sensitive information. The issue is due to the installation writing directories with insecure permissions allowing non-privileged users to edit or delete files within. Attackers may be able to obtain sensitive information from the files as well.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Grant only trusted users access to an affected system.

Short Description

eTrust InoculateIT contains a flaw that may allow a local user to modify files or obtain sensitive information. The issue is due to the installation writing directories with insecure permissions allowing non-privileged users to edit or delete files within. Attackers may be able to obtain sensitive information from the files as well.

References:

Secunia Advisory ID:10833 Related OSVDB ID: 4735 Other Advisory URL: http://www.excluded.org/advisories/advisory10.txt Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0235.html Keyword: Formerly InoculateIT ISS X-Force ID: 15103 CVE-2004-2092 Bugtraq ID: 9616