Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions
From: Valdis.Kletnieks () vt edu
Date: Wed, 18 Oct 2006 15:08:30 -0400

On Wed, 18 Oct 2006 17:38:53 +0200, Secunia Research said:
The problem is that Lotus Notes sets insecure default permissions
(grants "Everyone" group "Full Control") on the "notes" directory and
all child objects. This can be exploited to remove, manipulate, and
replace any of the application's files.

Well... Yeah.  *duh*.  If you want to *collaborate* on stuff, the software
has to be set up so that the collaborating group can still make progress,
even if the actual file owner is a PHB with the IQ of a dill pickle. :)

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]