Sun Cobalt RaQ XTR Turbo UI Insecure Default File Permissions Vulnerability
BID:9454
Info
Sun Cobalt RaQ XTR Turbo UI Insecure Default File Permissions Vulnerability
| Bugtraq ID: | 9454 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 24 2003 12:00AM |
| Updated: | Apr 24 2003 12:00AM |
| Credit: | The disclosure of this issue has been credited to the vendor. |
| Vulnerable: |
Sun Cobalt RaQ XTR Japanese 3500R-ja Sun Cobalt RaQ XTR 3500R Sun Cobalt RaQ XTR |
| Not Vulnerable: | |
Discussion
Sun Cobalt RaQ XTR Turbo UI Insecure Default File Permissions Vulnerability
It has been reported that files included with Cobalt RaQ XTR's Turbo UI management interface are installed with world-writeable permissions. A local attacker may exploit this vulnerability to modify scripts included with the interface and execute code with elevated privileges on the vulnerable system.
It has been reported that files included with Cobalt RaQ XTR's Turbo UI management interface are installed with world-writeable permissions. A local attacker may exploit this vulnerability to modify scripts included with the interface and execute code with elevated privileges on the vulnerable system.
Exploit / POC
Sun Cobalt RaQ XTR Turbo UI Insecure Default File Permissions Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Sun Cobalt RaQ XTR Turbo UI Insecure Default File Permissions Vulnerability
Solution:
Sun has released a patch to address this issue:
Sun Cobalt RaQ XTR Japanese 3500R-ja
Sun Cobalt RaQ XTR
Sun Cobalt RaQ XTR 3500R
Solution:
Sun has released a patch to address this issue:
Sun Cobalt RaQ XTR Japanese 3500R-ja
-
Sun RaQXTR-All-Security-1.0.1-15437.pkg
http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-15437.pkg
Sun Cobalt RaQ XTR
-
Sun RaQXTR-All-Security-1.0.1-15437.pkg
http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-15437.pkg
Sun Cobalt RaQ XTR 3500R
-
Sun RaQXTR-All-Security-1.0.1-15437.pkg
http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-15437.pkg
References
Sun Cobalt RaQ XTR Turbo UI Insecure Default File Permissions Vulnerability
References:
References: