
IBM WebSphere insecure deinstallation shell script
Vulnerability

    WebSphere

Affected

    IBM WebSphere

Description

    Martin Peter found the following. On Solaris (maybe also AIX), the
    installation of WebSphere from IBM installs a deinstallation shell
    script in /usr/bin with protection 777. This script is also called
    by 'pkgrm', which has to be issued by root. Because any local user
    can modify the script and root then runs it, it can easily be used
    for placing a trojan horse etc. Besides these dangerous protection
    settings, WebSphere places GIF, lst and db files in /usr/bin, and
    all WebSphere directories are 777.

Solution

    Change permissions...
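
    An audit for the condition described above, as an added example that is not part of the original advisory. The function names are hypothetical, and removing group/other write access with `chmod go-w` is an assumed remediation; the advisory does not state the intended mode, and the WebSphere directory path must be supplied by the administrator.

```shell
#!/bin/sh
# Added example, not from the original advisory.
# Finds files and directories that any local user can modify (the "other"
# write bit, as in mode 777) and optionally removes group/other write access.

# Hypothetical helper: run find on one path with the world-writable test,
# followed by whatever find action the caller passes in.
_ww_find() {
    target=$1
    shift
    # -perm -0002 matches entries with the other-write bit set.
    # Symlinks are not followed. Sticky-bit directories (such as /tmp)
    # are skipped because the sticky bit limits what other users can do.
    find "$target" \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) "$@"
}

# Report world-writable files and directories under each given path.
find_world_writable() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        _ww_find "$p" -print
    done
}

# Assumed remediation: drop write permission for group and other,
# leaving the owner's bits and the execute bits unchanged.
fix_world_writable() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        _ww_find "$p" -exec chmod go-w {} +
    done
}

# When run with arguments, report only, e.g.:
#   sh audit.sh /usr/bin <websphere-install-dir>
if [ "$#" -gt 0 ]; then
    find_world_writable "$@"
fi
```

    Review the report before calling fix_world_writable, and compare any script that root executes against the vendor's copy, since a file that was world-writable may already have been altered.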
