Ultraboard Incorrect Directory Permissions Vulnerability
BID:2197
Info
Ultraboard Incorrect Directory Permissions Vulnerability
| Bugtraq ID: | 2197 |
| Class: | Configuration Error |
| CVE: |
CVE-2001-0135 |
| Remote: | No |
| Local: | Yes |
| Published: | Jan 11 2001 12:00AM |
| Updated: | Jul 11 2009 04:46AM |
| Credit: | Reported to bugtraq by JW Oh <[email protected]> on January 11, 2001 |
| Vulnerable: |
UltraScripts UltraBoard 2.11 |
| Not Vulnerable: | |
Discussion
Ultraboard Incorrect Directory Permissions Vulnerability
A version of Ultraboard 2000, a bulletin board script from UltraScripts, is reported to install with improperly-set directory permissions.
As a result, a local user could copy malicious cgi scripts to these directories which would then be remotely executable with the privilege level of the webserver.
This may lead to a compromise of data owned by the webserver user, such as defacement of the webpage.
A version of Ultraboard 2000, a bulletin board script from UltraScripts, is reported to install with improperly-set directory permissions.
As a result, a local user could copy malicious cgi scripts to these directories which would then be remotely executable with the privilege level of the webserver.
This may lead to a compromise of data owned by the webserver user, such as defacement of the webpage.
Solution / Fix
Ultraboard Incorrect Directory Permissions Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
Ultraboard Incorrect Directory Permissions Vulnerability
References:
References: