Monkey 'master.log' Insecure File Permissions Vulnerability
BID:58140
Info
Monkey 'master.log' Insecure File Permissions Vulnerability
| Bugtraq ID: | 58140 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 24 2013 12:00AM |
| Updated: | Feb 24 2013 12:00AM |
| Credit: | Agostino Sarubbo |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Monkey 'master.log' Insecure File Permissions Vulnerability
Monkey is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
Monkey is prone to an insecure file-permission vulnerability.
A local attacker can exploit this issue by gaining access to a world-readable log file and extracting sensitive information from it. Such information could aid in other attacks.
Exploit / POC
Monkey 'master.log' Insecure File Permissions Vulnerability
Attackers can use readily available tools and standard commands to exploit this issue.
Attackers can use readily available tools and standard commands to exploit this issue.
Solution / Fix
Monkey 'master.log' Insecure File Permissions Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Monkey 'master.log' Insecure File Permissions Vulnerability
References:
References: