[UNIX] Citadel/UX Local Permissions Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 04/18/04
To: list@securiteam.com
Date: 18 Apr 2004 17:05:49 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Citadel/UX Local Permissions Vulnerability
------------------------------------------------------------------------
SUMMARY
Citadel/UX is a high performance, multithreaded messaging server that
provides multiple access methods including Web, POP3, IMAP, SMTP and
native Citadel protocols. It provides email, public forums, mailing lists,
instant messaging, multiple/virtual domain support,
calendaring/scheduling, single-instance message store, and many other
features.
In older Citadel/UX releases, the "data" directory, where Citadel stores
its database files, had permissions drwxr-xr-x (0755) set, and the data
files were -rw-r--r-- (0644). This allowed any local user to view the
database directly, bypassing access controls to read messages that the
user is not authorized to read or to extract user data such as addresses,
phone numbers and passwords.
This vulnerability affects only systems where an attacker is able to gain
a local shell on the affected machine.
DETAILS
Vulnerable Systems:
* Citadel/UX versions 5.00 to 6.14
Immune Systems:
* Citadel/UX version 6.20
This vulnerability primarily affects users whose original Citadel
installations were version 5.xx or older software. The permissions have
been correct for all new 6.xx installations; however, installations that
have been upgraded from 5.xx to 6.xx may be vulnerable.
Workaround:
# chmod 700 $CITADEL/data
where $CITADEL is the directory in which Citadel/UX is installed
(typically /usr/local/citadel).
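The following audit script is an added example and is not part of the advisory or of the Citadel/UX distribution. It checks whether the data directory and the files in it are still readable by group or other users, as described above, and can apply the workaround. It assumes the directory layout named in the advisory ($CITADEL/data, defaulting to /usr/local/citadel) and GNU coreutils `stat -c`; the function names and the extra `chmod 600` on the data files (the advisory's workaround only sets the directory to 700) are choices made here, not the project's own.

```sh
#!/bin/sh
# Added example (not from the advisory): audit the Citadel/UX data
# directory for group/other-readable permissions and optionally fix them.
# Assumptions: CITADEL defaults to /usr/local/citadel, the database lives
# in $CITADEL/data, and "stat -c %a" is available (GNU coreutils).

# Print the octal permission bits of a path, e.g. 755 or 600.
perm_of() {
    stat -c '%a' "$1"
}

# True when the last two octal digits (group and other bits) are both 0.
is_owner_only() {
    [ "$(printf '%s' "$1" | tail -c 2)" = "00" ]
}

# Return 0 when the data directory and everything directly inside it are
# private to the owner, 1 when any entry is accessible to group/other,
# 2 when the directory does not exist.
check_citadel_data_perms() {
    dir="${1:-${CITADEL:-/usr/local/citadel}/data}"
    [ -d "$dir" ] || { echo "ERROR: $dir is not a directory"; return 2; }
    bad=0
    dperm=$(perm_of "$dir")
    if ! is_owner_only "$dperm"; then
        echo "WARN: $dir is mode $dperm (expected 700)"
        bad=1
    fi
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty directory: glob stays literal
        fperm=$(perm_of "$f")
        if ! is_owner_only "$fperm"; then
            echo "WARN: $f is mode $fperm (expected 600)"
            bad=1
        fi
    done
    return $bad
}

# Apply the advisory's workaround (chmod 700 on the directory) and, going
# one step further, make every regular file under it owner-only as well.
fix_citadel_data_perms() {
    dir="${1:-${CITADEL:-/usr/local/citadel}/data}"
    [ -d "$dir" ] || return 2
    chmod 700 "$dir" &&
    find "$dir" -type d -exec chmod 700 {} + &&
    find "$dir" -type f -exec chmod 600 {} +
}

# Usage (as root on the Citadel host):
#   CITADEL=/usr/local/citadel sh citadel-perms.sh
#   check_citadel_data_perms || fix_citadel_data_perms
```

Run the check as a cron job or from a configuration-management agent: it exits non-zero whenever an upgrade or restore has reintroduced the 0755/0644 permissions, which is exactly the case the advisory describes for installations upgraded from 5.xx.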
Solution:
Install Citadel/UX 6.20p1 from the source code distribution.
Citadel/UX 6.20 ensures at startup that the data directory is not world
readable or executable and that database files are only readable by
Citadel.
Sites that currently use Citadel/UX 5.90 or prior should read the
installation directions in docs/citadel.html carefully for significant
changes. Upgrading from 5.90 or prior may require a maintenance window of
30-60 minutes so that Citadel can upgrade the data file formats. Upgrading
from 5.91 or later requires only shutting down the old server and
restarting the new server.
Download Mirrors:
US (fast): http://my.citadel.org/download/citadel-ux-6.20p1.tar.gz
US (slow): http://uncensored.citadel.org/pub/citadel/citadel-ux-6.20p1.tar.gz
ADDITIONAL INFORMATION
The information has been provided by the Citadel/UX Development Team
<mailto:devel@citadel.org>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
========================================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.