Retrospect Client creates the StartupItems directory with insecure permissions

retrospect-client-insecure-permissions (12339)

Risk level: High

Description:

Retrospect Client could allow a local attacker to execute code. Retrospect Client for Mac OS X creates the /Library/StartupItems directory with mode 777 (world-writable) permissions if this directory does not already exist. Additionally, the files and folders it places in this directory are owned by the user that installed Retrospect Client rather than by root. A local attacker could use this vulnerability to overwrite or create files in the /Library/StartupItems directory or the /Library/StartupItems/RetroClient directory.
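A read-only permission audit for the condition described above, added here as an illustration and not taken from the advisory or the vendor: it walks a StartupItems-style directory and reports every entry that is world-writable or not owned by root. The directory is a parameter so the check can run against a constructed tree; the /Library/StartupItems path is the one the description names.

```shell
#!/bin/sh
# Print "<octal mode> <owner>" for one path: GNU stat (Linux) first,
# BSD stat (macOS) as the fallback.
perm_of() {
  stat -c '%a %U' "$1" 2>/dev/null || stat -f '%OLp %Su' "$1"
}

# Walk a directory and report each entry a non-root local user could
# modify: mode with the world-write bit set, or owner other than root.
# Output: one "<reason> <mode> <owner> <path>" line per finding.
# Exit status: 0 when nothing was found, 1 otherwise.
audit_startup_items() {
  dir="$1"
  findings=$(find "$dir" | while IFS= read -r p; do
    set -- $(perm_of "$p")
    mode=$1
    owner=$2
    # The last octal digit holds the "other" bits; write is bit value 2,
    # so a final digit of 2, 3, 6 or 7 means world-writable.
    case "$mode" in
      *[2367]) echo "world-writable $mode $owner $p" ;;
    esac
    [ "$owner" = root ] || echo "not-root-owned $mode $owner $p"
  done)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Stand-alone run against the directory named in the advisory, if present.
if [ -d /Library/StartupItems ]; then
  audit_startup_items /Library/StartupItems || echo "insecure entries found"
fi
```

An empty report means every entry is root-owned and not world-writable; any line printed names the path and the reason, which is what the advisory's conditions look like on a live system.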

Platforms Affected:

  • Dantz, Retrospect Client

Remedy:

No remedy available as of June 27, 2009.

Consequences:

Data Manipulation

References:

  • BugTraq Mailing List, Mon Jun 16 2003 - 13:25:57 CDT, Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues at http://archives.neohapsis.com/archives/bugtraq/2003-06/0112.html.
  • Dantz Web site, Dantz: Products Home at http://www.dantz.com/products/.
  • BID-7934: Dantz Retrospect Client StartupItems Insecure Default Permissions Vulnerability
  • CVE-2003-0490: The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code.

Reported:

Jun 16, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
