[NEWS] Palm Desktop for Mac OS X Security Vulnerability

From: support@securiteam.com
Date: 01/16/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 16 Jan 2002 20:46:00 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Palm Desktop for Mac OS X Security Vulnerability
------------------------------------------------------------------------

SUMMARY

Palm Desktop's synchronizing program allows users of Palm to keep a
current record of all their content of the Palm on their computer. A
security vulnerability in the Palm Desktop Mac OS X version causes the
directories containing the content to be world readable, even if their
settings are manually changed.

DETAILS

Vulnerable systems:
Palm Desktop 4.0b76-77 for Mac OS X

ADDITIONAL INFORMATION

The information has been provided by <mailto:kruger_victor@hotmail.com>
Victor Kruger.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • Re: Tungsten-E Fatal Alert
    ... The built in password security is not very secure as you found out with this ... I use Secure It which would probably not stand up to a real ... hack attack but would likely thwart the average Joe who just found my lost Palm. ... the secrets file to another Palm. ...
    (comp.sys.palmtops.pilot)
  • Re: PalmOS Memo Record Hiding Vulnerability.
    ... > weak security, to hide data and protect the PDA from ... this "bug" is known since the very beginning of PalmOS v1.x. ... SDK even mentioned that it is the task of the author of any Palm OS ... Search the mailing list on ultraviolette.org (iirc, ...
    (Bugtraq)
  • [UNIX] Daydream BBS Format String Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... product allows attackers to exploit a format string vulnerability in the ... This bulletin is sent to members of the SecuriTeam mailing list. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [NEWS] L-Forum SQL Injection Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... arbitrary SQL commands by injecting them through user provided data. ... This bulletin is sent to members of the SecuriTeam mailing list. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • [NT] Buffer Overrun in Talentsofts Web+
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... system service, any arbitrary code executed on the server would run in the ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)