Citadel/UX Insecure File Permissions Vulnerability
BID:10102
Info
Citadel/UX Insecure File Permissions Vulnerability
| Bugtraq ID: | 10102 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 12 2004 12:00AM |
| Updated: | Apr 12 2004 12:00AM |
| Credit: | The vendor announced this vulnerability. |
| Vulnerable: |
Citadel/UX Citadel/UX 5.91 Citadel/UX Citadel/UX 5.90 |
| Not Vulnerable: |
Citadel/UX Citadel/UX 6.0 8 Citadel/UX Citadel/UX 6.0 7 |
Discussion
Citadel/UX Insecure File Permissions Vulnerability
Citadel/UX has been reported prone to a weak file permissions vulnerability. The issue is reported to present itself because Citadel/UX sets insecure permissions on the "data" directory and files contained within, during installation.
As a direct result of this, any user who has interactive shell access to a system may disclose potentially sensitive data that is contained in the Citadel/UX database and data files.
Citadel/UX has been reported prone to a weak file permissions vulnerability. The issue is reported to present itself because Citadel/UX sets insecure permissions on the "data" directory and files contained within, during installation.
As a direct result of this, any user who has interactive shell access to a system may disclose potentially sensitive data that is contained in the Citadel/UX database and data files.
Exploit / POC
Citadel/UX Insecure File Permissions Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Citadel/UX Insecure File Permissions Vulnerability
Solution:
The vendor has released an update to address this issue:
Citadel/UX Citadel/UX 5.90
Citadel/UX Citadel/UX 5.91
Solution:
The vendor has released an update to address this issue:
Citadel/UX Citadel/UX 5.90
-
Citadel/UX citadel-ux-6.20p1.tar.gz
http://my.citadel.org/download/citadel-ux-6.20p1.tar.gz
Citadel/UX Citadel/UX 5.91
-
Citadel/UX citadel-ux-6.20p1.tar.gz
http://my.citadel.org/download/citadel-ux-6.20p1.tar.gz