WebSphere installation on Solaris has insecure deinstallation script and directory permissions.
`On Solaris (maybe also AIX) the installation of WebSphere from IBM
installs a deinstallation shell script in /usr/bin with protection 777.
This script is also called by 'pkgrm', which has to be issued by
root. The script can therefore be easily used for placing a Trojan
horse etc. Besides these dangerous protection settings, WebSphere places
GIF, lst and db files in /usr/bin and all directories of WebSphere are 777.
cheers
martin
_________ ________________________________________________________________
|_________| Dr. Martin Peter internet: [email protected]
_ _ _
| | | | | | Swiss Re
| | | | | | Mythenquai 50/60
|_| |_| |_| 8022 Zuerich / Switzerland
`
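
A defensive audit for the condition this report describes, as an added example that is not part of the original post: it flags world-writable files and non-sticky world-writable directories, plus GIF/lst/db data files in a binary directory. The function names and output labels are assumptions of this example; the directories to scan are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Directories to scan are passed by the caller; the report names /usr/bin and
# the WebSphere directories as the affected locations.

# Print world-writable regular files and world-writable directories without
# the sticky bit under each given directory. Returns 1 if anything was found.
audit_world_writable() {
    ww_rc=0
    for root in "$@"; do
        [ -d "$root" ] || continue
        # A file with the "other" write bit set can be replaced by any local
        # user; if root later executes it (as pkgrm does with the
        # deinstallation script), the replacement runs with root privileges.
        files=$(find "$root" -type f -perm -0002 -print 2>/dev/null)
        # In a world-writable directory without the sticky bit, any user can
        # delete or rename entries owned by someone else.
        dirs=$(find "$root" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null)
        if [ -n "$files" ]; then
            printf '%s\n' "$files" | sed 's/^/WORLD-WRITABLE FILE: /'
            ww_rc=1
        fi
        if [ -n "$dirs" ]; then
            printf '%s\n' "$dirs" | sed 's/^/WORLD-WRITABLE DIR: /'
            ww_rc=1
        fi
    done
    return $ww_rc
}

# List GIF, lst and db data files under a binary directory, the file types
# the report says were placed in /usr/bin.
stray_data_files() {
    find "$1" -type f \( -name '*.gif' -o -name '*.lst' -o -name '*.db' \) \
        -print 2>/dev/null
}
```

Source the file and call `audit_world_writable /usr/bin <install-dir>`; a non-zero return means at least one finding was printed.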