Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cobalt_raq_2 | Sun | * | * |
| Cobalt_raq_3i | Sun | * | * |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
- http://www.osvdb.org/1346
- http://www.securityfocus.com/bid/1238
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000523100045.B11049%40HiWAAY.net
- http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
- http://www.osvdb.org/1346
- http://www.securityfocus.com/bid/1238
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=20000523100045.B11049%40HiWAAY.net