webfs 'webfsd.log' Insecure File Permissions Vulnerability
BID:58126
Info
webfs 'webfsd.log' Insecure File Permissions Vulnerability
| Bugtraq ID: | 58126 |
| Class: | Design Error |
| CVE: |
CVE-2013-0347 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 22 2013 12:00AM |
| Updated: | Feb 25 2013 10:43AM |
| Credit: | Agostino Sarubbo |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
webfs 'webfsd.log' Insecure File Permissions Vulnerability
webfs is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
webfs is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
Exploit / POC
webfs 'webfsd.log' Insecure File Permissions Vulnerability
Attackers can use readily available tools and standard commands to exploit this issue.
Attackers can use readily available tools and standard commands to exploit this issue.
Solution / Fix
webfs 'webfsd.log' Insecure File Permissions Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
webfs 'webfsd.log' Insecure File Permissions Vulnerability
References:
References: