Avaya Visual Vectors Server Default World Writable Script Vulnerability
BID:10176
Info
Avaya Visual Vectors Server Default World Writable Script Vulnerability
| Bugtraq ID: | 10176 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 19 2004 12:00AM |
| Updated: | Apr 19 2004 12:00AM |
| Credit: | This issue was disclosed in the referenced vendor advisory. |
| Vulnerable: |
Avaya Visual Vectors Server vvsv12ab.a Avaya Visual Vectors Server vvsv11aa.e Avaya Visual Vectors Server vvs9b.a Avaya Visual Vectors Server vvs9a.g Avaya Visual Vectors Server vvs8d.a Avaya Visual Vectors Server vvs8c.a Avaya Visual Vectors Server vvs8b.b Avaya CMS Server 11.0 Avaya CMS Server 9.0 Avaya CMS Server 8.0 |
| Not Vulnerable: | |
Discussion
Avaya Visual Vectors Server Default World Writable Script Vulnerability
Visual Vectors is reportedly affected by a local default world writable script vulnerability. This issue is due to a configuration error implemented by default on installation.
A local attacker may leverage this issue by updating the affected script to contain malicious script code, which will be executed by the root user when the script is activated.
Visual Vectors is reportedly affected by a local default world writable script vulnerability. This issue is due to a configuration error implemented by default on installation.
A local attacker may leverage this issue by updating the affected script to contain malicious script code, which will be executed by the root user when the script is activated.
Exploit / POC
Avaya Visual Vectors Server Default World Writable Script Vulnerability
No exploit is required to leverage this issue.
No exploit is required to leverage this issue.
Solution / Fix
Avaya Visual Vectors Server Default World Writable Script Vulnerability
Solution:
The vendor has released advisory 03-10 dealing with this issue. The following action is recommended to resolve this issue:
Verify the affected script has been installed:
pkginfo -l LUfaas
It is advised that systems with the vulnerable script should verify the integrity of the script with the following command:
pkgchk LUfaas
If there has been no change in the file, carry out the following command:
chmod 755 /usr/bin/setupaas
Please see the referenced advisory for more information.
Solution:
The vendor has released advisory 03-10 dealing with this issue. The following action is recommended to resolve this issue:
Verify the affected script has been installed:
pkginfo -l LUfaas
It is advised that systems with the vulnerable script should verify the integrity of the script with the following command:
pkgchk LUfaas
If there has been no change in the file, carry out the following command:
chmod 755 /usr/bin/setupaas
Please see the referenced advisory for more information.
References
Avaya Visual Vectors Server Default World Writable Script Vulnerability
References:
References:
- Avaya Home Page (Avaya)
- Avaya Visual Vectors (Avaya)
- Avaya Visual Vectors Server World Writable Script Vulnerability (Avaya)