Sophster 'Change Permissions' May Let Local Users Access Files
|
|
SecurityTracker Alert ID: 1010431
|
|
SecurityTracker URL: http://securitytracker.com/id?1010431
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 8 2004
|
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 0.9.6 prior to May 28, 2004
|
Description: A vulnerability was reported in Sophster. A local user may be able to gain access to files modified via Sophster.
The vendor reported that the 'Change Permissions' was clearing the user id (UID) value, the group id (GID) value, and the sticky bits when changing permissions.
|
Impact: A local user may be able to gain access to files modified via Sophster.
|
Solution: The vendor has issued a fixed version (0.9.6 as of May 28, 2004), available at:
http://www.schaefer.dhcp.biz/FreeSophster-0.9.6.tgz
|
Vendor URL: www.schaefer.dhcp.biz/README.txt (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Linux (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 08 Jun 2004 16:15:19 -0400
Subject: http://www.schaefer.dhcp.biz/README.txt
|
http://www.schaefer.dhcp.biz/README.txt
> 20040528
> I discovered that Change Permissions was clearing the UID, GID, and
> sticky bits from the selections it was changing permissions on;
> fixed.
|
|
