[Original text] PaintBBS 1.2 installs certain files and directories with insecure permissions, which allows local users to (1) obtain the encrypted server password via the world-readable oekakibbs.conf file, or (2) modify the server configuration via the world-writable /oekaki/ folder.
Restricting the permissions on the PaintBBS files (removing world read access from oekakibbs.conf and world write access from the /oekaki/ directory) mitigates this issue. Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
PaintBBS contains a flaw that may allow a malicious user to obtain the encrypted server password or modify the server configuration file. The issue is a result of insecure permissions of the oekakibbs.conf file and the /oekaki/ directory. This may result in a loss of confidentiality and/or integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds:
1. Use the chmod command to change the default permissions of the /oekaki/ directory so that it is no longer world-writable
2. Rename the oekakibbs.conf file (renaming only obscures the file; also remove world read access from it, since its contents are what expose the encrypted password)
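The two workarounds above amount to a permission audit followed by chmod. The script below is an added example written for this page, not code from PaintBBS or from the advisory: it checks a PaintBBS-style install for the two conditions named in the advisory (world-writable /oekaki/, world-readable oekakibbs.conf) and applies the restrictive modes. The layout it assumes is the one the advisory describes, an /oekaki/ directory holding oekakibbs.conf under whatever install root is passed in; make_mock_install builds a constructed copy with the insecure defaults so the audit and the fix can be run offline.

```shell
#!/bin/sh
# Added example (not PaintBBS code): audit a PaintBBS-style install for the two
# weak-permission conditions in the advisory and apply the chmod workaround.
# Assumed layout, as in the advisory: <root>/oekaki/ holding oekakibbs.conf.
# make_mock_install builds a constructed copy of the weak default so this runs offline.

# Symbolic mode of a path as ls prints it, e.g. -rw-r--r-- (POSIX, no stat needed).
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Character 8 of the mode string is the "other" read bit, character 9 the write bit.
world_readable() { case "$(mode_of "$1")" in ???????r??) return 0 ;; *) return 1 ;; esac; }
world_writable() { case "$(mode_of "$1")" in ????????w?) return 0 ;; *) return 1 ;; esac; }

# Build the weak default described in the advisory under an empty directory.
# The password value is a constructed placeholder, not a real hash.
make_mock_install() {
    mkdir -p "$1/oekaki"
    printf 'admin_pass=%s\n' 'CONSTRUCTED_CRYPT_HASH' > "$1/oekaki/oekakibbs.conf"
    chmod 0777 "$1/oekaki"                   # world-writable directory
    chmod 0644 "$1/oekaki/oekakibbs.conf"    # world-readable config
}

# Print one finding per line; exit status 0 only when there is nothing to report.
audit_paintbbs() {
    pb_dir=$1/oekaki
    pb_conf=$pb_dir/oekakibbs.conf
    pb_findings=0
    if [ ! -d "$pb_dir" ]; then
        echo "$pb_dir: directory not found"
        return 2
    fi
    if world_writable "$pb_dir"; then
        echo "$pb_dir: world-writable, any local user can replace the configuration"
        pb_findings=$((pb_findings + 1))
    fi
    if [ -f "$pb_conf" ] && world_readable "$pb_conf"; then
        echo "$pb_conf: world-readable, exposes the encrypted admin password"
        pb_findings=$((pb_findings + 1))
    fi
    [ "$pb_findings" -eq 0 ]
}

# The workaround: the owner (the account the CGI runs as) keeps access, the group
# may read, everyone else gets nothing.
harden_paintbbs() {
    chmod 0750 "$1/oekaki"
    chmod 0640 "$1/oekaki/oekakibbs.conf"
}

# Stand-alone demonstration on a throwaway copy.
demo_root=$(mktemp -d)
make_mock_install "$demo_root"
echo "Before hardening:"
audit_paintbbs "$demo_root" || true
harden_paintbbs "$demo_root"
echo "After hardening:"
audit_paintbbs "$demo_root" && echo "no findings"
rm -rf "$demo_root"
```

The modes chosen are the tightest that still let the CGI process read its configuration: the scripts must run as the file owner (or as a member of the group), so on a shared host where the web server runs under a different account, chgrp the files to the server's group rather than widening the "other" bits again. Run audit_paintbbs against a real install root to confirm both findings disappear after the change.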
Posted to the Bugtraq mailing list by John Bissell <email@example.com>.
PaintBBS PaintBBS 1.2
PaintBBS is a collection of CGI scripts and a Java applet. It functions as a web-based bulletin board system. The applet acts as a drawing program and allows users to upload pictures to the BBS. PaintBBS is a Japanese product.
Some versions of PaintBBS have been reported to ship with a weak default configuration. Under the default installation, the configuration file and the cgi-bin directory are world-readable, and because they sit under the web-served tree, any remote user may request the directory contents or the contents of the configuration file directly from the web server. Among the information disclosed is the encrypted value of the administration password.
Later versions of PaintBBS may share this configuration.
This vulnerability can be exploited with a web browser.
It may be possible to change the permissions on the PaintBBS files to be more restrictive.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .