Bug 23202 - Insecure permissions on /usr/bin/*server
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: FreeWnn
7.1
i386 Linux
medium Severity medium
Assigned To: Eido Inoue
Florence Beta-3
: Security
Reported: 2001-01-02 20:45 EST by Chris Evans
Modified: 2008-05-01 11:37 EDT
Doc Type: Bug Fix
Last Closed: 2001-01-22 18:00:47 EST
Description Chris Evans 2001-01-02 20:45:39 EST
Look at e.g. /usr/bin/jserver

It is setuid to user "wnn". So are three other related binaries. Is this intentional? I hope not - jserver is very insecure. Quick inspection shows a buffer overflow to a static buffer when using the "-f" command line flag.

Note that a compromise of user "wnn" is very dangerous - it could assist compromise root because the "jserver" daemon runs as euid=wnn, ruid=root.

Comment 1 Glen Foster 2001-01-11 16:16:41 EST
This defect is considered MUST-FIX for Florence Gold release

Comment 2 Preston Brown 2001-01-22 18:00:43 EST
Adrian: I need some sort of update on what is going on with this program.

Comment 3 Eido Inoue 2001-01-23 18:07:24 EST
euid/egid and ruid/rgid both set to the current effective uid and gid (which should both be wnn)
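
The privilege handling described in Comment 3, as an added C example that is not part of the bug thread or the FreeWnn sources: it collapses the real and saved IDs onto the current effective IDs and checks that the old real IDs cannot be regained. The function name and the choice of setregid()/setreuid() are assumptions; the bug does not show the actual patch.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently collapse real/effective/saved IDs onto the current effective
 * IDs (for jserver as reported: euid=wnn, ruid=root -> everything wnn).
 * Returns 0 on success, -1 on failure; the caller should exit on failure.
 * Hypothetical helper name, not taken from the FreeWnn sources.
 */
int drop_to_effective_ids(void)
{
    uid_t old_ruid = getuid(), euid = geteuid();
    gid_t old_rgid = getgid(), egid = getegid();

    /* Group first: after the UID change we may no longer be allowed to. */
    if (setregid(egid, egid) != 0)
        return -1;
    /* On Linux, setting the real UID also resets the saved UID to euid. */
    if (setreuid(euid, euid) != 0)
        return -1;

    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != euid || geteuid() != euid ||
        getgid() != egid || getegid() != egid)
        return -1;

    /* An unprivileged process must not be able to get the old IDs back. */
    if (euid != 0) {
        if (old_ruid != euid && seteuid(old_ruid) == 0)
            return -1;
        if (old_rgid != egid && setegid(old_rgid) == 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    if (drop_to_effective_ids() != 0) {
        fprintf(stderr, "could not drop to effective IDs\n");
        return 1;
    }
    printf("ruid=%d euid=%d rgid=%d egid=%d\n", (int)getuid(),
           (int)geteuid(), (int)getgid(), (int)getegid());
    return 0;
}
```

Calling this before any command-line parsing means a memory-corruption bug such as the reported "-f" overflow runs with no path back to the original real UID.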
