Bug 23202 - Insecure permissions on /usr/bin/*server
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: FreeWnn
Version: 7.1
Hardware: i386 Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Eido Inoue
Whiteboard: Florence Beta-3
Keywords: Security
 
Reported: 2001-01-03 01:45 UTC by Chris Evans
Modified: 2008-05-01 15:37 UTC

Doc Type: Bug Fix
Last Closed: 2001-01-22 23:00:47 UTC

Description Chris Evans 2001-01-03 01:45:39 UTC
Look at e.g. /usr/bin/jserver

It is setuid to user "wnn". So are three other related binaries. Is this intentional? I hope not - jserver is very insecure. Quick inspection shows a buffer overflow to a static buffer when using the "-f" command line flag.

Note that a compromise of user "wnn" is very dangerous - it could assist in compromising root because the "jserver" daemon runs as euid=wnn, ruid=root.

Comment 1 Glen Foster 2001-01-11 21:16:41 UTC
This defect is considered MUST-FIX for Florence Gold release

Comment 2 Preston Brown 2001-01-22 23:00:43 UTC
Adrian:  I need some sort of update on what is going on with this program.

Comment 3 Eido Inoue 2001-01-23 23:07:24 UTC
euid/egid and ruid/rgid both set to the current effective uid and gid (which
should both be wnn)
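
The change described in Comment 3, sketched as an added C example; it is not FreeWnn's own code. The function name `drop_to_effective_ids` is hypothetical, and the sketch assumes Linux, where `setregid()`/`setreuid()` called this way also overwrite the saved IDs.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes setreuid()/setregid() in <unistd.h> */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: make the real (and, on Linux, saved) IDs equal to the
 * current effective IDs, so a setuid-wnn daemon started by root no longer
 * carries ruid=root. Returns 0 on success, -1 if the drop is incomplete. */
int drop_to_effective_ids(void)
{
    uid_t old_ruid = getuid();
    uid_t euid = geteuid();
    gid_t egid = getegid();

    /* Group first: changing the gid can require privilege that is gone
     * once the uid has been changed. */
    if (setregid(egid, egid) != 0)
        return -1;
    if (setreuid(euid, euid) != 0)
        return -1;

    /* Never trust the return code alone: re-read the IDs. */
    if (getgid() != egid || getegid() != egid)
        return -1;
    if (getuid() != euid || geteuid() != euid)
        return -1;

    /* For an unprivileged target, the old real uid must be unreachable. */
    if (euid != 0 && old_ruid != euid && setuid(old_ruid) == 0)
        return -1;
    return 0;
}

int main(void)
{
    printf("before: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    if (drop_to_effective_ids() != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("after:  ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

This does not address the "-f" overflow itself; it only removes the root real uid that made a compromise of "wnn" a step toward root.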
