Computer Security

Archive : 1999 : december : websphere
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku





WebSphere protections from installation




WebSphere protections from installation






=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Чт, 02 дек 1999  16:00:56

   От: Martin Peter <srzpem@SWISSRE.CH>

 Кому: BUGTRAQ@SECURITYFOCUS.COM

 Тема: WebSphere protections from installation

--------------------------------------------------------------------------------




hello,

On solaris (maybe also AIX) the installation of WebSphere from IBM

installs a deinstallation shell script in /usr/bin with protection 777.

This script is also called by 'pkgrm', which has to be issued by

root. The script can therefore be easily used for placing a troian

horse etc. Besides this dangerous protection settings, WebSpher places

GIF, lst and db files in /usr/bin and all directories of WebSpher are 777.



cheers

martin

 _________   ________________________________________________________________

|_________|  Dr. Martin Peter               internet:  m.peter@ieee.org

 _   _   _

| | | | | |  Swiss Re

| | | | | |  Mythenquai 50/60

|_| |_| |_|  8022 Zuerich / Switzerland
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru