Kbase P20868: Ability to read files not owned by the user.
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
11/06/2003 |
|
Status: Unverified
FACT(s) (Environment):
UNIX
FACT(s) (Environment):
Progress 9.1D
SYMPTOM(s):
Ability to read files not owned by the user.
User may be able to obtain root password through the /etc/shawdow file.
Running Service Pack 05.
Security issue.
CAUSE:
20030307-019
CAUSE:
File permission was not checked.
FIX:
Bug is fixed in 91.D06.
Access to the /etc/shadow file will be denied and an appropriate message will be displayed.