BugTraq: Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities Page 2




a) All files in the ASP engines directory (/opt/casp/asp-apache-3000 by default),
can be set to either 600 or 700 accordingly, EXCEPT casp.cnfg and odbc.ini. These
two files must not be set to any permissions lower than 644.

b) In the CASP installation root directory (/opt/casp by default), you can change
the permissions on the global_odbc.sh file to 600.

Other specific file permission issues are being addressed as quickly as possible
and will be modified in an upcoming release. Changing permissions to these files
necessitates some changes to our product that must be blessed by Quality Assurance
prior to public release in order to ensure that the product will continue to function as
expected. We are well underway with this cycle and will try to post updates as
appropriate.

Software Versions Affected: All Chili!Soft releases on UNIX (on versions other than
Linux, filenames and locations may be modified somewhat.)

4) Issue: InheritUser security mode does not properly set the Group ID.

Solution: This must be addressed at the code level and thus there is no configuration
workaround that can be immediately applied. This issue is in the process of being
addressed in the upcoming v3.6 release on Solaris, Linux, and HP. We are working to
have this new release available as quickly as possible. We expect to have specific
dates available in the upcoming week.

Software Versions Affected: All Linux releases. Solaris, HP, and AIX *only* when used
with Apache webserver in multithread mode.

We appreciate your patience with these issues. We also appreciate that your
comments and findings help improve our product for everyone. Please do not hesitate
to bring up any concerns you may have by contacting us at [email protected]
