Astaro Security Linux Improper File Permissions Flaw

From: dendlerat_private
Date: Tue Feb 12 2002 - 06:46:39 PST


    iDEFENSE Intelligence Operations discovered security 
    issues in improper file and directory permissions 
    during an audit of Astaro AG's Astaro Linux. Astaro 
    Linux designates a number of files and directories as 
    world writeable that should probably not be. This, 
    combined with other more serious flaws, could 
    potentially result in system compromise or denial of 
    service. 
    
    Astaro AG bills its Linux packages as "Security Linux." 
    
      
    Analysis: World writeable files and directories are 
    dangerous because any user on the system, even one 
    running in a restricted account such as "nobody" can 
    access the files, write to them, and potentially delete 
    them. World writeable directories can be especially 
    dangerous when they are used to store files covertly. 
    Any directories and files contained within the world 
    writeable directory can potentially be modified. 
    
    Several sensitive configuration files and directories 
    are world writeable, meaning an attacker with any level 
    of access to the root file system could cause damage or 
    subvert the services/applications relying on those 
    files. 
    
    The following files are world writeable: 
    • /etc/protocols 
    • /etc/ssh/ssh_host_dsa_key.pub 
    • /etc/ssh/ssh_host_key.pub 
    
    It is unknown whether or not the following files need 
    to be world writeable for the system to function 
    properly, but it appears safe to remove the world 
    writeable attribute: 
    
    • /etc/up2date/latest_md5sum 
    • /wtc/wfe/conf/console 
    • /wtc/wfe/conf/nameserver 
    • /wtc/wfe/conf/netzkartendata 
    • /var/log/account/timestamp 
    
    Astaro Linux also contains a number of world writeable 
    directories: 
    • /var 
    • /etc/up2date/lib1 
    • /etc/up2date/lib2 
    
    In general, the /var directory should not be world 
    writeable on any *nix system: by filling up the 
    associated partition, an attacker may prevent log files 
    from being written and so hide his activity.
    
    Detection: Finding world writeable files and 
    directories is easy; simply use the "find" command: 
    
    find / -type d -perm -002 
    find / -type f -perm -002 
    
    These commands will list all world writeable 
    directories and files respectively. Some of the 
    directories, such as /tmp, are meant to be world 
    writeable, and leaving them as such is relatively safe. 
    
    Workaround: Removing the world writeable bit on the 
    files can be accomplished using chmod: 
    
    chmod o-w filename 
    
    This will work for both files and directories.  
    
    Vendor Response: Markus Hennig of Astaro 
    <mhennigat_private> promptly confirmed the incorrect 
    file permissions and worked with us responsibly to 
    resolve these issues.  The latest Up2Date, 2.022, fixes 
    the file permissions and is now available on Astaro 
    Up2Date servers.
    
    
    -dave
    
    David Endler, CISSP
    Director, iDEFENSE Labs
    14151 Newbrook Drive
    Suite 100
    Chantilly, VA 20151
    voice: 703-344-2632
    fax: 703-961-1071
    
    dendlerat_private
    www.idefense.com
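
Added example, not part of the original advisory or of Astaro's tooling: a shell audit that combines the Detection and Workaround steps above, reporting world writeable files and directories while skipping sticky-bit directories such as /tmp, then applying chmod o-w to the findings. The function names and the sample tree built by make_sample_tree are constructed for illustration.

```shell
#!/bin/sh
# audit_world_writable ROOT
# Prints "F path" for world writeable regular files and "D path" for world
# writeable directories that lack the sticky bit, under ROOT.
audit_world_writable() {
    root=${1:?root directory required}
    # -xdev keeps find on one filesystem (skips /proc, network mounts).
    # -perm -0002 is true when the "other write" bit is set.
    find "$root" -xdev -type f -perm -0002 -exec printf 'F %s\n' {} + 2>/dev/null
    # Sticky (01000) directories such as /tmp are the expected exception.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'D %s\n' {} + 2>/dev/null
}

# fix_world_writable ROOT
# Applies the advisory's "chmod o-w" to exactly the objects the audit reports.
# Review the audit output first: some files may need the bit to function.
fix_world_writable() {
    find "${1:?root directory required}" -xdev \
        \( -type f -o \( -type d ! -perm -1000 \) \) \
        -perm -0002 -exec chmod o-w {} +
}

# make_sample_tree
# Builds a constructed directory tree (not Astaro's real layout) that mimics
# the kinds of findings in the advisory, and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/ssh" "$t/var" "$t/tmp"
    : > "$t/etc/protocols"
    : > "$t/etc/ssh/ssh_host_key.pub"
    : > "$t/etc/passwd"
    chmod 755 "$t/etc" "$t/etc/ssh"
    chmod 666 "$t/etc/protocols" "$t/etc/ssh/ssh_host_key.pub"  # flagged
    chmod 644 "$t/etc/passwd"                                   # not flagged
    chmod 777 "$t/var"      # flagged: world writeable, no sticky bit
    chmod 1777 "$t/tmp"     # not flagged: sticky bit set
    printf '%s\n' "$t"
}
```

Run audit_world_writable against the tree printed by make_sample_tree to see the three findings, then fix_world_writable on the same path and audit again to confirm the list is empty.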
    