Subject: VariCAD 7.0 permission vulnerability
From: Narrow (nss PRIVACYX.COM)
Date: Thu Aug 10 2000 - 11:53:25 CDT
_________________________________________________________________________________
Content-Type: permission/vulnerability
Date : 10/08/2000 18:34
Sender : Narrow <nss privacyx.com>
Subject : VariCAD 7.0 permission vulnerability
X-System : Red Hat 6.0
X-Status : Narrow-ADV-#07
_________________________________________________________________________________
DESCRIPTION
VariCAD is a CAD package for 2D and 3D mechanical engineering.
VariCAD 7.0 is shipped on the Red Hat Linux 6.0 Application CD.
PROBLEM
Several binary files and two directories are world-writable.
Anyone could replace them with a trojan and wait until someone
executes the trojaned binary files.
The binary files:
/usr/bin/xvcad/dxfin
/usr/bin/xvcad/igesin
/usr/bin/xvcad/var_rm
The directories:
/usr/bin/xvcad/glib/*
/usr/lib/xvcad/*
SOLUTION
Change the permissions of the files and directories to 755.
-- Narrow - nssprivacyx.com - http://www.zone.ee/unix/
bash# ./win.com Segmental fault
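
An added example, not part of the original advisory: a POSIX shell audit that lists every world-writable file or directory under the VariCAD install paths and resets each one to 755, as the SOLUTION section recommends. The function names, the make_demo_tree helper and the glib/parts, data and varicad entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find and repair world-writable entries under an install tree.

# list_world_writable DIR...
# Print each regular file or directory that has the "other write" bit (0002).
# find does not follow symlinks by default, so link targets are not touched.
list_world_writable() {
    for root in "$@"; do
        [ -e "$root" ] || continue      # skip paths that are not installed
        find "$root" \( -type f -o -type d \) -perm -0002 -print
    done
}

# fix_world_writable DIR...
# Reset each flagged entry to 755, the mode the advisory recommends.
fix_world_writable() {
    for root in "$@"; do
        [ -e "$root" ] || continue
        find "$root" \( -type f -o -type d \) -perm -0002 -exec chmod 755 {} +
    done
}

# make_demo_tree
# Build a constructed copy of the affected layout in a temp dir and print its
# root. Runs in a subshell so the umask change does not leak to the caller.
make_demo_tree() (
    umask 022
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/usr/bin/xvcad/glib/parts" "$root/usr/lib/xvcad/data"
    for f in dxfin igesin var_rm varicad; do
        : > "$root/usr/bin/xvcad/$f"
    done
    # The three binaries named in the advisory, plus one directory per tree.
    chmod 777 "$root/usr/bin/xvcad/dxfin" "$root/usr/bin/xvcad/igesin" \
              "$root/usr/bin/xvcad/var_rm" \
              "$root/usr/bin/xvcad/glib/parts" "$root/usr/lib/xvcad/data"
    chmod 755 "$root/usr/bin/xvcad/varicad"   # hypothetical, correctly set file
    echo "$root"
)

# Stand-alone use: sh audit.sh /usr/bin/xvcad /usr/lib/xvcad
if [ "$#" -gt 0 ]; then
    list_world_writable "$@"
fi
```

Resetting the mode only closes the window going forward. It does not show whether a flagged file was already replaced, so compare flagged binaries against a known-good copy from the installation media before trusting them.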