Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

VariCAD 7.0 premission vulnerability

From: Narrow <nss () PRIVACYX COM>
Date: Thu, 10 Aug 2000 19:53:25 +0300
_________________________________________________________________________________

Content-Type: premission/vulnerability
Date        : 10/08/2000 18:34
Sender      : Narrow <nss () privacyx com>
Subject     : VariCAD 7.0 premission vulnerability
X-System    : Red Hat 6.0
X-Status    : Narrow-ADV-#07
_________________________________________________________________________________

DESCRIPTION
   VariCAD is a CAD for mechanical engineering for both 2D and 3D.
VariCAD 7.0 is shipped with Red Hat linux 6.0 Application CD.

PROBLEM
   Several binary files and two directorys are world writeable.
Anyone could replace them with a trojan and wait until someone
executes the trojaned binary files.

The binary files:
        /usr/bin/xvcad/dxfin
        /usr/bin/xvcad/igesin
        /usr/bin/xvcad/var_rm

The directorys:
        /usr/bin/xvcad/glib/*
        /usr/lib/xvcad/*

SOLUTION
   Change the premission of the files and directorys to 755.

--
Narrow - nss () privacyx com - http://www.zone.ee/unix/

bash# ./win.com
Segmental fault
Previous By Date Next
Previous By Thread Next

Current thread: