Title: jpilot World Readable Storage Directory Vulnerability
Severity: LOW
Description:
jpilot is a palm device synching suite designed to run on the Linux Operating System, and written by Judd Montgomery. A problem exists which could allow users unauthorized access to sensitive information.
The problem occurs in the creation of the .jpilot directory. jpilot stores all information from the palm device in a .jpilot directory in the users $HOME. The directory and files in the tree are created with the permissions inherited by $UMASK, which on most systems defaults to 0755 for directories and 0644 for files. This makes it possible for any user on the local system with access to the users $HOME directory to descend the .jpilot tree, and read the contents. It is possible for a user with malicious intent to scour these files for information that my lead to other threats.
Affected Products:
- Judd Montgomery jpilot 0.98.1
- MandrakeSoft Linux Mandrake 7.2.0
- RedHat Linux 7.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
