
Astaro Security Linux Insecure File Permissions World Write Vulnerability

Astaro Security Linux is an open source firewall implementation. It is developed and maintained by Astaro.

Astaro Security Linux uses an insecure set of file and directory permissions. In a default implementation, sensitive system files are writeable by local users. While Astaro Security Linux is designed as a firewall implementation, and not a multi-user system, the design could allow an unprivileged user that has gained access to the system to take advantage of these file and directory permissions to perform nefarious activities.

This problem makes it possible for an unprivileged user with shell access to the system to obscure their activity, perform an SSH man-in-the-middle attack, alter rpm checksums and potentially exploit the system with a trojaned rpm file, or carry out other malicious activity.
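One way to audit a host for the condition described above, as an added example that is not part of the advisory and not Astaro's code. The directories in the usage comment are assumptions chosen to match the impacts named above (logs, SSH configuration, the rpm database); the advisory lists no specific paths.

```shell
#!/bin/sh
# Added example: report world-writable files and directories under given roots.

# find_world_writable ROOT...
# Prints, sorted, every regular file with the "other" write bit set and every
# directory that is world-writable WITHOUT the sticky bit. Sticky directories
# (mode 1777, like /tmp) are skipped because users cannot replace each other's
# files there. Symlinks are ignored: their own mode bits are not meaningful.
find_world_writable() {
    find "$@" -xdev \( \
            \( -type f -perm -0002 \) -o \
            \( -type d -perm -0002 ! -perm -1000 \) \
        \) -print 2>/dev/null | sort
}

# audit_selftest
# Builds a constructed directory tree (not taken from a real system), runs the
# audit over it and prints the findings relative to the tree root.
audit_selftest() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/log" "$t/ssh" "$t/spool" "$t/tmp"
    chmod 755 "$t/log" "$t/ssh"
    : > "$t/log/messages";    chmod 666 "$t/log/messages"     # finding
    : > "$t/ssh/sshd_config"; chmod 644 "$t/ssh/sshd_config"  # not a finding
    chmod 777  "$t/spool"                                     # finding
    chmod 1777 "$t/tmp"                                       # sticky, skipped
    out=$(find_world_writable "$t" | sed "s|^$t/||")
    rm -rf "$t"
    printf '%s\n' "$out"
}

# Usage (paths are assumptions, adjust to the system under review):
#   sh audit.sh /var/log /etc/ssh /var/lib/rpm
if [ "$#" -gt 0 ]; then
    find_world_writable "$@"
fi
```

Any path the audit prints can be modified by every local account; review each one and remove the world-write bit unless it is required.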







 

Copyright 2009, SecurityFocus