Bug 23202 - Insecure permissions on /usr/bin/*server
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: FreeWnn
Version: 7.1
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Eido Inoue
QA Contact:
URL:
Whiteboard: Florence Beta-3
Depends On:
Blocks:
 
Reported: 2001-01-03 01:45 UTC by Chris Evans
Modified: 2008-05-01 15:37 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-01-22 23:00:47 UTC
Embargoed:



Description Chris Evans 2001-01-03 01:45:39 UTC
Look at e.g. /usr/bin/jserver

It is setuid to user "wnn". So are three other related binaries. Is this intentional? I hope not - jserver is very insecure. Quick inspection shows a buffer overflow to a static buffer when using the "-f" command line flag.

Note that a compromise of user "wnn" is very dangerous - it could assist in compromising root, because the "jserver" daemon runs as euid=wnn, ruid=root.

Comment 1 Glen Foster 2001-01-11 21:16:41 UTC
This defect is considered MUST-FIX for Florence Gold release

Comment 2 Preston Brown 2001-01-22 23:00:43 UTC
Adrian:  I need some sort of update on what is going on with this program.

Comment 3 Eido Inoue 2001-01-23 23:07:24 UTC
euid/egid and ruid/rgid both set to the current effective uid and gid (which
should both be wnn)
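
The change described in Comment 3, sketched as an added example (not FreeWnn's code and not the actual patch): a daemon started as euid=wnn, ruid=root sets its real IDs to its effective IDs and then verifies that the old real IDs can no longer be reached. The helper name `pin_ids_to_effective` is hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from FreeWnn): make the real and effective IDs
 * equal to the current effective IDs, then verify. Returns 0 on success. */
int pin_ids_to_effective(void)
{
    uid_t old_ruid = getuid(), euid = geteuid();
    gid_t old_rgid = getgid(), egid = getegid();

    /* Group first, while the process is still allowed to change it.
     * Setting the real ID also resets the saved ID to the new effective ID. */
    if (setregid(egid, egid) != 0)
        return -1;
    if (setreuid(euid, euid) != 0)
        return -1;

    /* Never trust the return value alone: re-read the IDs. */
    if (getuid() != euid || geteuid() != euid)
        return -1;
    if (getgid() != egid || getegid() != egid)
        return -1;

    /* The old real IDs must be unreachable now. Skipped when the effective
     * uid is 0, because root may switch to any ID by design. */
    if (euid != 0) {
        if (old_ruid != euid && setuid(old_ruid) == 0)
            return -1;
        if (old_rgid != egid && setgid(old_rgid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    printf("before: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    if (pin_ids_to_effective() != 0) {
        fprintf(stderr, "could not pin IDs, refusing to continue\n");
        return 1;
    }
    printf("after:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

The call belongs at the very start of the program, before any command line argument is parsed, so that a memory-safety bug in argument handling runs with no root identity left to recover.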


