Mandrake Linux msec allows users to view other user`s home directories
| mandrake-msec-home-permissions (9389) |  Low Risk |
Description:
The msec security system in Mandrake Linux does not properly apply permissions to the HOME directories. The default security settings for the HOME directories are set to world-readable. This could allow any user to view any file under other user's HOME directories.
Consequences:
Obtain Information
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Mon Jun 17 2002 - 16:35:28 CDT: Mandrake 8.2 msec security issue.
- BID-5050: Mandrake 8.2 Msec Insecure Default Permissions Vulnerability
- CVE-2002-1713: The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
- US-CERT VU#455323: Mandrake Security may make unexpected system modifications
Platforms Affected:
- MandrakeSoft Mandrake Linux 8.2
Reported:
Jun 17, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net