VariCAD world writeable files vulnerability



Vulnerability

    VariCAD

Affected

    VariCAD 7.0

Description

    'Narrow' found the following.  VariCAD is a CAD package for
    mechanical engineering, covering both 2D and 3D.  VariCAD 7.0 is
    shipped on the Red Hat Linux 6.0 Application CD.

    Several binary files and two directories are world writeable.
    Any local user could replace them with a trojan and wait until
    someone executes the trojaned binary files.  The binary files:

        /usr/bin/xvcad/dxfin
        /usr/bin/xvcad/igesin
        /usr/bin/xvcad/var_rm

    The directories:

        /usr/bin/xvcad/glib/*
        /usr/lib/xvcad/*

Solution

    Change the permissions of the files and directories to 755.
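
    An added example, not part of the original advisory: a shell audit
    that lists world-writeable files and directories under the VariCAD
    install paths and applies the fix.  The function names and the
    FIX_MODE variable are hypothetical; the paths and mode 755 are from
    the advisory.

```shell
#!/bin/sh
# Added example: audit and fix world-writeable entries under the
# VariCAD install paths named in the advisory.
# Function names and FIX_MODE are hypothetical, not part of VariCAD.

VARICAD_PATHS="/usr/bin/xvcad /usr/lib/xvcad"

# Print every regular file and directory below the given roots that has
# the "other write" bit (octal 0002) set. Symlinks are skipped because
# their own mode bits do not control access to the target.
list_world_writable() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" \( -type f -o -type d \) -perm -0002 -print
    done
}

# Apply the advisory's fix (mode 755) to each entry found above and
# print how many entries were changed. Set FIX_MODE=o-w to clear only
# the world-write bit and leave the remaining mode bits untouched.
fix_world_writable() {
    mode="${FIX_MODE:-755}"
    n=$(list_world_writable "$@" | wc -l)
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" \( -type f -o -type d \) -perm -0002 \
            -exec chmod "$mode" {} +
    done
    echo $((n))
}

# Usage (as root):
#   list_world_writable $VARICAD_PATHS    # review the findings first
#   fix_world_writable  $VARICAD_PATHS    # then apply the fix
```

    Correcting the mode does not show that the binaries are unmodified:
    a file that was world writeable may already have been replaced, so
    compare it against the vendor's copy before trusting it.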

