Date: Tue, 27 Feb 2001 10:01:58 -0500 From: Jim Sander <jim@FEDERATION.ADDY.COM> Subject: Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities To: BUGTRAQ@SECURITYFOCUS.COM > LICENSE.LIC A further related vulnerability exists than the ones already disclosed regarding the Chili!Soft world read/write files. The license file, if you use the "web console" utility to install/update your server license, will be installed with world-write permission. Experienced BugTraq readers may stop here, you know the drill... :) If that file is corrupted or removed chilisoft services will stop functioning due to a license violation. Anyone who has a shell or file write access (or can get it) on the server can zap that file to effectively remove your web server's ASP functionality. Non-ASP should continue to function though. This is (at least should be) a known problem since the following instruction is a quote from their install procedure... >> 3. The LICENSE.LIC file must have 777 permissions. If you ignore their directions and perform an update "manually" you won't have this problem, since the file will be root:root mode 644. The server appears to function fine with this configuration, although anyone can still potentially copy your server license. They've been contacted about this specific issue on 2/22 without response. (which is really understandable I think) This is being disclosed now both to prevent someone from being burned by it, and also to make sure Chili!Soft (now owned by Sun) knows about it and hopefully fixes it along their other issues. -=Jim=-