mailing list archives
Re: Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions
From: Valdis.Kletnieks () vt edu
Date: Wed, 18 Oct 2006 15:08:30 -0400
On Wed, 18 Oct 2006 17:38:53 +0200, Secunia Research said:
The problem is that Lotus Notes sets insecure default permissions
(grants "Everyone" group "Full Control") on the "notes" directory and
all child objects. This can be exploited to remove, manipulate, and
replace any of the application's files.
Well... Yeah. *duh*. If you want to *collaborate* on stuff, the software
has to be set up so that the collaborating group can still make progress,
even if the actual file owner is a PHB with the IQ of a dill pickle. :)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/