OSVDB ID: 14674

Title: libFoundation Defaults write Command NSGlobalDomain.plist File Password Disclosure

Info

Disclosure

Mar 04, 2004

Discovery

Jan 01, 2001

Dates

Exploit

Mar 04, 2004

Solution

Unknown

Description

libFoundation contains a flaw that may lead to an unauthorized password exposure. The problem is that the 'Defaults write' command sets insecure permissions to the 'NSGlobalDomain.plist' file, which may allow a malicious user to gain access to plain text passwords resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Helge Hess

libFoundation

Unknown or Unspecified

References

Vendor Specific News/Changelog Entry: http://bugzilla.opengroupware.org/bugzilla/show_bug.cgi?id=669
Vendor URL: http://www.geocities.com/SiliconValley/Monitor/7464/libFoundation/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218