Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues
From: Alan McCarty (amccarty_at_ecornell.com)
Date: 06/16/03
- Previous message: SecurITeam BugTraq Monitoring: "Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 16 Jun 2003 18:25:57 -0000 To: bugtraq@securityfocus.com('binary' encoding is not supported, stored as-is)
We recently noticed a serious problem with default permissions of
the Retrospect client software, installed on Jaguar client and
server (older versions of OS X may be vulnerable too). In addition,
previous versions of the Retrospect client installer may be
vulnerable as well. We notified Dantz of this vulnerability a week
ago, and have yet to hear from them.
DESCRIPTION:
After a clean installation we noticed the following permissions
were set.
/Library/StartupItems/RetroClient
0 drwxrwxrwx 5 admin staff 170 Apr 30 10:21 RetroClient
/Library/StartupItems/RetroClient/ :
total 32
0 drwxrwxrwx 5 admin staff 170 Dec 11 21:05 .
0 drwxrwxrwx 7 admin staff 238 Feb 20 17:44 ..
16 -rw-rw-rw- 1 admin staff 6148 Jun 24 2002 .DS_Store
8 -rwxrwxrwx 1 admin staff 363 Jul 1 2002 RetroClient
8 -rwxrwxrwx 1 admin staff 208 Mar 1 2001
StartupParameters.plist
If the /Library/StartupItems does not already exist, the Retrospect
client installer creates this directory with 777 permissions. In
addition, the client installer assigns permissions of the files and
folders to the user that installed the software, rather than to the
root user.
KNOWN VULNERABLE VERSIONS:
Dantz Retrospect Client 5.0.540 on Mac OS X 10.2.6
(previous versions of the os and client software may be vulnerable
as well)
WORKAROUND*:
- secure the main /Library/StartupItems directory if the
Retrospect client installer created it:
% sudo chmod 775 /Library/StartupItems
- secure the /Library/StartupItems/RetroClient directory:
% sudo chmod 775 /Library/StartupItems/RetroClient
- secure the RetroClient startup directory
% sudo chmod 755 /Library/StartupItems/RetroClient/*
*These steps will not change group ownership, which may be
necessary or desired on some systems. These are the steps that
we took to secure our machines and are in no way a
recommendation by Dantz.
- Previous message: SecurITeam BugTraq Monitoring: "Multiple Vulnerabilities Found in Mailtraq (DoS, Password Decryption, Directory Traversal)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
