Netscape iPlanet iCal 'iplncal.sh' Permissions Vulnerability

Solution:
/opt/SUNWicsrv/cal/bin/iplncal.sh is linked to from /etc/iplncal.sh which is executed by /etc/rc3.d/S94sunwicsrv. In order to address this problem users should change the permissions on /opt/SUNWicsrv/cal/bin/iplncal.sh to be non world readable and writeable and to be owned (for read and write) by root. The advisory from which these details were culled further suggests that users change the ownership of the '/opt/SUNWicsrv/cal/bin' directory to root to avoid other vulnerabilities which also ship with the server.



 

Privacy Statement
Copyright 2010, SecurityFocus