lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20030616182557.10389.qmail@www.securityfocus.com>
Date: 16 Jun 2003 18:25:57 -0000
From: Alan McCarty <amccarty@...rnell.com>
To: bugtraq@...urityfocus.com
Subject: Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues




We recently noticed a serious problem with default permissions of 
the Retrospect client software, installed on Jaguar client and 
server (older versions of OS X may be vulnerable too). In addition, 
previous versions of the Retrospect client installer may be 
vulnerable as well.  We notified Dantz of this vulnerability a week 
ago, and have yet to hear from them.


DESCRIPTION:

After a clean installation we noticed the following permissions 
were set. 

/Library/StartupItems/RetroClient
0 drwxrwxrwx   5 admin  staff   170 Apr 30 10:21 RetroClient

/Library/StartupItems/RetroClient/ :
total 32
0 drwxrwxrwx  5 admin  staff   170 Dec 11 21:05 .
0 drwxrwxrwx  7 admin  staff   238 Feb 20 17:44 ..
16 -rw-rw-rw-  1 admin  staff  6148 Jun 24  2002 .DS_Store
8 -rwxrwxrwx  1 admin  staff   363 Jul  1  2002 RetroClient
8 -rwxrwxrwx  1 admin  staff   208 Mar  1  2001 
StartupParameters.plist

If the /Library/StartupItems does not already exist, the Retrospect 
client installer creates this directory with 777 permissions. In 
addition, the client installer assigns permissions of the files and 
folders to the user that installed the software, rather than to the 
root user.

KNOWN VULNERABLE VERSIONS:

Dantz Retrospect Client 5.0.540 on Mac OS X 10.2.6
(previous versions of the os and client software may be vulnerable 
as well)

WORKAROUND*:

- secure the main /Library/StartupItems directory if the 
Retrospect client installer created it:
	% sudo chmod 775 /Library/StartupItems


- secure the  /Library/StartupItems/RetroClient directory:
	% sudo chmod 775 /Library/StartupItems/RetroClient

- secure the RetroClient startup directory
	% sudo chmod 755 /Library/StartupItems/RetroClient/*

*These steps will not change group ownership, which may be 
necessary or desired on some systems. These are the steps that 
we took to secure our machines and are in no way a 
recommendation by Dantz.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ