• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Linux Init Default Umask Vulnerability

Severity: MODERATE

Description:

Certain versions of the Linux kernel create the init process with umask set to 000.

The umask defines how permissions are to be set on files that are created by a process. When umask is set to 000, files are created mode 777.

The initialization scripts that ship with various linux distributions rely on inheriting a safe umask from 'init' and execute without setting it explicitly.

If the kernel creates an 'init' process with a umask of 000, any init scripts which do not explicitly set their own umask will also run with umask 000.

This condition opens up the possibility for security vulnerabilities because the init scripts create sensitive files.

It has been demonstrated that Slackare Linux 8.0 systems are vulnerable. Other distributions using init scripts which rely on umask inherited from the init process may be vulnerable as well.

Among the files that are created world writeable:

/var/run/utmp
/lib/modules/`uname -r`/modules.dep

'utmp' is a system log file that records users currently logged in. Attackers can modify entries in it if it is world writeable.

It has been demonstrated that there is at least one way for an attacker to gain root privileges due to this condition ('modules.dep'). See attack scenarios.

There may be other avenues of exploitation to cause system damage or elevate privileges.

Affected Products:

• Linux kernel 2.4.3
• Linux kernel 2.4.4
• Linux kernel 2.4.5
• Linux kernel 2.4.6
• MandrakeSoft Linux Mandrake 8.0.0
• MandrakeSoft Linux Mandrake 8.0.0 ppc
• S.u.S.E. Linux 7.2.0
• Slackware Linux 8.0.0

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.