• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Alcatel OmniPCX Default File Permissions World Writeable Vulnerability

OmniPCX is an enterprise-level Personal Communications Exchange (PCX) system maintained and distributed by Alcatel.

Numerous directories and files on a OmniPCX system are world writeable. This is not inherently an issue, as OmniPCX systems are not designed for multi-user access. However, if a remote user gains access to a system via an unprivileged user account, or through one of the known login and password combinations described in Bugtraq ID 4127 "Alcatel OmniPCX Default Passwords Vulnerability," an unprivileged user may gain write access to configuration files.

Writeable files and directories include:

/chetc/menus
/chetc/msg
/chetc/lck
/etc/bootptab
/etc/mnttab
/etc/misc
/fs
/mnt
/usr2
/usr/ctsrv
/usr/preserve
/usr/tmp
/usr2/soft_install