Bug 23202

Summary: Insecure permissions on /usr/bin/*server
Product: [Retired] Red Hat Linux
Reporter: Chris Evans <chris>
Component: FreeWnn
Assignee: Eido Inoue <havill>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: 7.1
CC: dr, notting
Target Milestone: ---
Target Release: ---
Keywords: Security
Hardware: i386
OS: Linux
Whiteboard: Florence Beta-3
Doc Type: Bug Fix
Last Closed: 2001-01-22 23:00:47 UTC

Description Chris Evans 2001-01-03 01:45:39 UTC
Look at e.g. /usr/bin/jserver

It is setuid to user "wnn". So are three other related binaries. Is this intentional? I hope not - jserver is very insecure. Quick inspection shows a buffer overflow to a static buffer when using the "-f" command line flag.

Note that a compromise of user "wnn" is very dangerous - it could assist compromise of root because the "jserver" daemon runs as euid=wnn, ruid=root.

Comment 1 Glen Foster 2001-01-11 21:16:41 UTC
This defect is considered MUST-FIX for Florence Gold release

Comment 2 Preston Brown 2001-01-22 23:00:43 UTC
Adrian: I need some sort of update on what is going on with this program.

Comment 3 Eido Inoue 2001-01-23 23:07:24 UTC
euid/egid and ruid/rgid both set to the current effective uid and gid (which should both be wnn)