The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Directory_server | Redhat | 8.0 (including) | 8.0 (including) |
| Directory_server | Redhat | 8.1 (including) | 8.1 (including) |
| Red Hat Directory Server 8 for RHEL 5 | RedHat | idm-console-framework-0:1.1.5-1.el5idm | * |
| Red Hat Directory Server 8 for RHEL 5 | RedHat | jss-0:4.2.6-6.el5idm | * |
| Red Hat Directory Server 8 for RHEL 5 | RedHat | redhat-admin-console-0:8.2.0-2.el5dsrv | * |
| Red Hat Directory Server 8 for RHEL 5 | RedHat | redhat-ds-0:8.2.0-2.el5dsrv | * |
| Red Hat Directory Server 8 for RHEL 5 | RedHat | redhat-ds-admin-0:8.2.0-3.el5dsrv | * |
| Red Hat Directory Server 8 for RHEL 5 | RedHat | redhat-ds-base-0:8.2.0-13.el5dsrv | * |
| Red Hat Directory Server 8 for RHEL 5 | RedHat | redhat-ds-console-0:8.2.0-4.el5dsrv | * |
| Red Hat Directory Server 8 for RHEL 5 | RedHat | redhat-idm-console-0:1.0.2-1.el5idm | * |
References
- http://rhn.redhat.com/errata/RHSA-2010-0590.html
- http://secunia.com/advisories/40811
- http://www.osvdb.org/66962
- http://www.securitytracker.com/id?1024281
- https://bugzilla.redhat.com/show_bug.cgi?id=608032
- http://rhn.redhat.com/errata/RHSA-2010-0590.html
- http://secunia.com/advisories/40811
- http://www.osvdb.org/66962
- http://www.securitytracker.com/id?1024281
- https://bugzilla.redhat.com/show_bug.cgi?id=608032