> LICENSE.LIC

   A further related vulnerability exists than the ones already disclosed
regarding the Chili!Soft world read/write files. The license file, if you
use the "web console" utility to install/update your server license, will
be installed with world-write permission. Experienced BugTraq readers may
stop here, you know the drill... :)

  If that file is corrupted or removed chilisoft services will stop
functioning due to a license violation. Anyone who has a shell or file
write access (or can get it) on the server can zap that file to
effectively remove your web server's ASP functionality. Non-ASP should
continue to function though.

   This is (at least should be) a known problem since the following
instruction is a quote from their install procedure...

>> 3. The LICENSE.LIC file must have 777 permissions.

   If you ignore their directions and perform an update "manually" you
won't have this problem, since the file will be root:root mode 644. The
server appears to function fine with this configuration, although anyone
can still potentially copy your server license.

   They've been contacted about this specific issue on 2/22 without
response. (which is really understandable I think) This is being disclosed
now both to prevent someone from being burned by it, and also to make sure
Chili!Soft (now owned by Sun) knows about it and hopefully fixes it along
their other issues.

-=Jim=-

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]