Palm Desktop for Mac OS creates backup folders with insecure permissions

palm-macos-backup-permissions (7937) The risk level is classified as LowLow Risk

Description:

Palm Desktop for Mac OS could allow a local attacker to view potentially sensitive information. Palm Desktop creates backup files and folders during the hotsync (synchronization) process between the Palm device and Mac OS. These files and folders are created with world-readable permissions.


Consequences:

Obtain Information

Remedy:

No remedy available as of April 1, 2014.

References:

  • BugTraq Mailing List, Sat Jan 12 2002 - 18:52:57 CST: Palm Desktop 4.0b76-77 for Mac OS X.
  • BID-3863: Palm Desktop For MacOS X Hotsync Insecure Backup Permissions Vulnerability
  • CVE-2002-0120: Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.
  • OSVDB ID: 5372: Palm Desktop on Mac OS X World Readable File Information Disclosure

Platforms Affected:

  • Apple Mac OS X 10.0
  • Apple Mac OS X 10.1
  • Palm Palm Desktop 4.0b77

Reported:

Jan 12, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page