jpilot World Readable Storage Directory Vulnerability
BID:2136
Info
jpilot World Readable Storage Directory Vulnerability
| Bugtraq ID: | 2136 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 14 2000 12:00AM |
| Updated: | Dec 14 2000 12:00AM |
| Credit: | This vulnerability was announced by Weston Pawlowski <[email protected]> via Bugtraq on December 14, 2000. |
| Vulnerable: |
Judd Montgomery jpilot 0.98.1 |
| Not Vulnerable: | |
Discussion
jpilot World Readable Storage Directory Vulnerability
jpilot is a palm device synching suite designed to run on the Linux Operating System, and written by Judd Montgomery. A problem exists which could allow users unauthorized access to sensitive information.
The problem occurs in the creation of the .jpilot directory. jpilot stores all information from the palm device in a .jpilot directory in the users $HOME. The directory and files in the tree are created with the permissions inherited by $UMASK, which on most systems defaults to 0755 for directories and 0644 for files. This makes it possible for any user on the local system with access to the users $HOME directory to descend the .jpilot tree, and read the contents. It is possible for a user with malicious intent to scour these files for information that my lead to other threats.
jpilot is a palm device synching suite designed to run on the Linux Operating System, and written by Judd Montgomery. A problem exists which could allow users unauthorized access to sensitive information.
The problem occurs in the creation of the .jpilot directory. jpilot stores all information from the palm device in a .jpilot directory in the users $HOME. The directory and files in the tree are created with the permissions inherited by $UMASK, which on most systems defaults to 0755 for directories and 0644 for files. This makes it possible for any user on the local system with access to the users $HOME directory to descend the .jpilot tree, and read the contents. It is possible for a user with malicious intent to scour these files for information that my lead to other threats.
Exploit / POC
jpilot World Readable Storage Directory Vulnerability
See discussion.
See discussion.
Solution / Fix
jpilot World Readable Storage Directory Vulnerability
Solution:
A temporary fix is to ensure all user $HOME directories with the .jpilot tree are mode 700, and potentially add an entry to system skeleton scripts that create the directory in a secure fashion when a user is added to the system.
Solution:
A temporary fix is to ensure all user $HOME directories with the .jpilot tree are mode 700, and potentially add an entry to system skeleton scripts that create the directory in a secure fashion when a user is added to the system.
References
jpilot World Readable Storage Directory Vulnerability
References:
References: