 
From: dendleridefense.com
Date: Tue Feb 12 2002 - 08:46:39 CST


    iDEFENSE Intelligence Operations discovered security
    issues in improper file and directory permissions
    during an audit of Astaro AG's Astaro Linux. Astaro
    Linux designates a number of files and directories as
    world writeable that should probably not be. This,
    combined with other more serious flaws, could
    potentially result in system compromise or denial of
    service.

    Astaro AG bills its Linux packages as "Security Linux."

      
    Analysis: World writeable files and directories are
    dangerous because any user on the system, even one
    running in a restricted account such as "nobody", can
    access the files, write to them, and potentially delete
    them. World writeable directories can be especially
    dangerous when they are used to store files covertly.
    Any directories and files contained within the world
    writeable directory can potentially be modified.

    Several sensitive configuration files and directories
    are world writeable, meaning an attacker with any level
    of access to the root file system could cause damage or
    subvert the services/applications relying on those
    files.

    The following files are world writeable:
    • /etc/protocols
    • /etc/ssh/ssh_host_dsa_key.pub
    • /etc/ssh/ssh_host_key.pub

    It is unknown whether or not the following files need
    to be world writeable for the system to function
    properly, but it appears safe to remove the world
    writeable attribute:

    • /etc/up2date/latest_md5sum
    • /wtc/wfe/conf/console
    • /wtc/wfe/conf/nameserver
    • /wtc/wfe/conf/netzkartendata
    • /var/log/account/timestamp

    Astaro Linux also contains a number of world writeable
    directories:
    • /var
    • /etc/up2date/lib1
    • /etc/up2date/lib2

    In general, the /var directory should not be world
    writeable on any *nix system since by filling up the
    associated partition, an attacker may prevent log files
    from being written to hide his activity.

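    Detection: Finding world writeable files and
    directories is easy; simply use the "find" command:

    # -perm -002 matches entries whose world-write bit is set
    # (current GNU find rejects the older "+002" form)
    find / -type d -perm -002
    find / -type f -perm -002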

    These commands will list all world writeable
    directories and files respectively. Some of the
    directories, such as /tmp, are meant to be world
    writeable, and leaving them as such is relatively safe.

    Workaround: Removing the world writeable bit on the
    files can be accomplished using chmod:

    chmod o-w filename

    This will work for both files and directories.

    Vendor Response: Markus Hennig of Astaro
    <mhennigastaro.com> promptly confirmed the incorrect
    file permissions and worked with us responsibly to
    resolve these issues. The latest Up2Date 2.022 fixes
    the file permissions and is now available on Astaro
    Up2Date servers.

    -dave

    David Endler, CISSP
    Director, iDEFENSE Labs
    14151 Newbrook Drive
    Suite 100
    Chantilly, VA 20151
    voice: 703-344-2632
    fax: 703-961-1071

    dendleridefense.com
    www.idefense.com
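
The detection and workaround steps from the advisory above, combined into one audit script. This is an added example, not part of the original advisory or of Astaro's tooling. It separates directories that are world writeable with the sticky bit (the /tmp case the advisory calls relatively safe) from those without it. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the demo tree are constructed.

# Print world-writable entries under $1 as "<class> <path>":
#   FILE    regular file with o+w
#   DIR     directory with o+w and no sticky bit
#   STICKY  directory with o+w plus the sticky bit (the /tmp case)
# -xdev keeps find on one filesystem; -perm -0002 means "o+w is set".
audit_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print | sed 's/^/FILE /'
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print | sed 's/^/DIR /'
    find "$1" -xdev -type d -perm -0002 -perm -1000 -print | sed 's/^/STICKY /'
}

# Apply the advisory's workaround (chmod o-w) to FILE and DIR findings.
# STICKY directories are reported but left alone. Paths containing
# newlines are not handled.
fix_world_writable() {
    audit_world_writable "$1" | while read -r class path; do
        case $class in
            FILE|DIR) chmod o-w "$path" ;;
        esac
    done
}

# Build a throwaway tree that mimics the advisory's findings.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ssh" "$t/var" "$t/tmp"
    : > "$t/etc/protocols"
    : > "$t/etc/ssh/ssh_host_key.pub"
    : > "$t/etc/passwd"
    chmod 755 "$t/etc" "$t/etc/ssh"
    chmod 666 "$t/etc/protocols" "$t/etc/ssh/ssh_host_key.pub"
    chmod 644 "$t/etc/passwd"
    chmod 777 "$t/var"
    chmod 1777 "$t/tmp"
    printf '%s\n' "$t"
}

demo=$(make_demo_tree)
echo "before:"; audit_world_writable "$demo"
fix_world_writable "$demo"
echo "after:";  audit_world_writable "$demo"
rm -rf "$demo"
```

On a real system, review the audit output before running the fix step, since some entries may need to stay writeable for a service to function.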