J-Security Center


Title: Axent ESM 5.0 User Profile Permission Vulnerability

Severity: LOW

Description:

Certain checks within Axent's ESM 5.0 for Unix may prevent legitimate users from logging on to scanned hosts.

Specifically, four checks within the security auditing program may cause this denial of service:

  • Check PATH using 'su'
  • Check PATH by modifying startup script
  • Check umask using 'su'
  • Check umask by modifying startup script

These checks are not enabled in the default policy templates.

When ESM checks PATH (or umask) values, it will 'su' to the user's account. If the user's login script calls a menu function, ESM receives no response and the check hangs. To work around this, ESM copies the startup script to the /tmp directory, appends additional lines to the end of the script, and copies the script back to the user's home directory. The appended lines echo the PATH and umask values to a file called .esmvalues in the user's home directory the next time the user logs in. When ESM is run again, it reads the contents of .esmvalues to determine the PATH and umask values. This procedure avoids the hang caused by 'su'ing to an account whose login script calls a menu.

Unfortunately, when ESM copies the file to /tmp, file ownership and permissions are changed to 'root'. When the file is copied back to the user's directory, only root has access to it, so legitimate users are unable to execute their own login script and cannot log in normally.
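The following shell script is an added illustration, not code from the advisory or from Axent ESM. It reproduces the "copy to /tmp, append, copy back" pattern described above on a constructed login script and shows that a plain cp/rm/cp round trip under a restrictive umask leaves the replaced script with attributes of the temporary file, whereas cp -p carries the original mode (and, when the caller is root, the original owner) through the round trip. The file names, the appended line and the umask value are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: demonstrates why an audit tool that round-trips a user's
# startup script through /tmp must preserve file attributes.
# Nothing here is ESM code; paths and contents are constructed.
set -u

# Portable mode lookup (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Constructed user login script, mode 0755, in a scratch directory.
make_startup_script() {
    dir=$(mktemp -d)
    printf '#!/bin/sh\nPATH=/usr/bin:/bin\numask 022\n' > "$dir/.profile"
    chmod 755 "$dir/.profile"
    echo "$dir/.profile"
}

# Line the auditor appends so the next login records PATH and umask
# (assumed format; single quotes keep the expansions for login time).
ESM_LINE='echo "PATH=$PATH umask=$(umask)" > "$HOME/.esmvalues"'

# Problematic pattern: copy out, append, replace the original with a plain cp.
# The subshell uses umask 077 to mimic a root auditing process; the temp file
# is created 0600 and that mode is what the copied-back script inherits.
# Returns the resulting mode of the script.
append_via_tmp_unsafe() {
    script=$1
    tmp=$(mktemp)
    ( umask 077
      cp "$script" "$tmp"
      printf '%s\n' "$ESM_LINE" >> "$tmp"
      rm -f "$script"
      cp "$tmp" "$script" )
    rm -f "$tmp"
    file_mode "$script"
}

# Corrected pattern: cp -p preserves mode and timestamps, and preserves
# owner/group too when the caller is root, so the user keeps a usable script.
# Returns the resulting mode of the script.
append_via_tmp_safe() {
    script=$1
    tmp=$(mktemp)
    ( umask 077
      cp -p "$script" "$tmp"
      printf '%s\n' "$ESM_LINE" >> "$tmp"
      rm -f "$script"
      cp -p "$tmp" "$script" )
    rm -f "$tmp"
    file_mode "$script"
}

# Stand-alone run: show both outcomes side by side.
if [ "${1:-}" = "demo" ]; then
    s1=$(make_startup_script); echo "unsafe round trip -> mode $(append_via_tmp_unsafe "$s1")"
    s2=$(make_startup_script); echo "safe round trip   -> mode $(append_via_tmp_safe "$s2")"
fi
```

Run it with `sh script.sh demo`; the unsafe round trip reports mode 600 while the safe one reports 755. The ownership half of the advisory's problem only appears when the script runs as root, which is exactly the case for a security auditor, and the same `cp -p` fixes it there.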

Affected Products:

  • Axent ESM 5.0.0

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.