From: Secunia Security Advisories (sec-advsecunia.com)
Date: Wed Jul 02 2003 - 11:42:04 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Caché Privilege Escalation Vulnerabilities

READ ONLINE:
http://www.secunia.com/advisories/9166/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Caché 4.x
Caché 5.x

DESCRIPTION:
Some vulnerabilities have been reported in Caché, which can be
exploited by malicious, local users to escalate their privileges.

When installed, Caché sets insecure permissions on the content in the
"bin" and "csp" directories giving all users full permissions. This
can be exploited by manipulating or overwriting binaries, which makes
it possible to execute arbitrary code with root privileges.

Furthermore, some suid binaries are reported to execute other
programs using relative paths, which also can be exploited to
escalate privileges.

SOLUTION:
Set proper permissions on directories and files.

InterSystems has stated that the issue will be addressed in versions
4.1.16 and 5.0.3.

REPORTED BY / CREDITS:
Larry W. Cashdollar
iDEFENSE

ORIGINAL ADVISORY:
http://www.intersystems.com/support/flash/index.html

OTHER REFERENCES:
http://www.idefense.com/advisory/07.01.03.txt

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]