Read Time:46 Second
Description
During installation, installed file permissions are set to allow anyone to modify those files.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: Medium
Related Weaknesses
Consequences
Confidentiality, Integrity: Read Application Data, Modify Application Data
Potential Mitigations
Phase: Architecture and Design, Operation
Description:
The architecture needs to access and modification attributes for files to only those users who actually require those actions.
Phase: Architecture and Design
Description:
CVE References
- CVE-2005-1941
- Executables installed world-writable.
- CVE-2002-1713
- Home directories installed world-readable.
- CVE-2001-1550
- World-writable log files allow information loss; world-readable file has cleartext passwords.
- CVE-2002-1711
- World-readable directory.
- CVE-2002-1844
- Windows product uses insecure permissions when installing on Solaris (genesis: port error).
- CVE-2001-0497
- Insecure permissions for a shared secret key file. Overlaps cryptographic problem.
- CVE-1999-0426
- Default permissions of a device allow IP spoofing.