At 09:18 09/04/2001, you wrote: >============================================================================== > > [ Hackerslab bug_paper ] Informix-SQL application vulnerability > >============================================================================== > >File : Informix-SQL application > >SYSTEM : Systems running Informix > >INFO : > >There is a vulneribility in informix-SQL application which allows local >users to create any file with root privilege: > >PART 1 : >$ id >uid=500 (informix) gid=120 (informix) groups=1000(loveyou) >$ umask 0000 WHY would anyone set the umask to 0000? Also, per informix documentatrion, the user informix should not belong to any other groups and no other users should be in the informix group. >$ cd ~informix/bin (Informix HOME Directory) >$ ./onshowaudit >INFORMIX-SQL Version 7.31.UC5 onshowaudit must be run by the AAO user unless you've misconfigured INFORMIX. Since you've already ignored the group restrictions, no doubt that's the case. Tried the rest. Can't get it to set rwxrwxrwx on any /tmp file, even with setting umask to 0000, althought that does allow files to be created rw-rw-rw which isn't good (and why you shouldn't SET umask to 0000. -- gburnoreat_private
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 16:11:53 PDT