Unicore Client Keystore File Insecure File Permissions Vulnerability
BID:20981
Info
Unicore Client Keystore File Insecure File Permissions Vulnerability
| Bugtraq ID: | 20981 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 09 2006 12:00AM |
| Updated: | Nov 14 2006 04:41PM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Unicore Client 5.6 build4 |
| Not Vulnerable: |
Unicore Client 5.6 build5 |
Discussion
Unicore Client Keystore File Insecure File Permissions Vulnerability
Unicore Client is prone to an insecure-file-permissions vulnerability. This issue is due to a design flaw in the affected application.
An attacker could exploit this issue to access sensitive application; this may lead to other attacks.
Versions prior to 5.6 build 5 are vulnerable to this issue.
Unicore Client is prone to an insecure-file-permissions vulnerability. This issue is due to a design flaw in the affected application.
An attacker could exploit this issue to access sensitive application; this may lead to other attacks.
Versions prior to 5.6 build 5 are vulnerable to this issue.
Exploit / POC
Unicore Client Keystore File Insecure File Permissions Vulnerability
An attacker can exploit this issue by using standard utilities to access the vulnerable file.
An attacker can exploit this issue by using standard utilities to access the vulnerable file.
Solution / Fix
Unicore Client Keystore File Insecure File Permissions Vulnerability
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References
Unicore Client Keystore File Insecure File Permissions Vulnerability
References:
References:
- Unicore Client Changlog Version 5.6 Build5 (Unicore)
- Vendor Home Page (UNICORE)