RedPacket Security

InfoSec News & Tutorials

Vulnerabilities 

Scope of Debian’s /home/loser is with permissions 755, default umask 002

admin , , , , , , , , ,
Click the icon to Follow me:- twitterTelegramRedditDiscord

Posted by Georgi Guninski on Nov 12

On Debian /home/loser is with permissions 755, default umask 0022

(If you don’t understand the numbers, this means a lot of
files are world readable).

On multiuser machines this sucks much.

Question: How much sensitive data can be read on default install?

Partial results:

1. mutt (text email client) exposes ~/.mutt/muttrc,
which might contain the imap password in plaintext.

2. Some time ago on a multiuser debian mirror we found a lot…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source

You May Also Like

osint

Exploiting a bug in Azure Functions to escape Docker

admin
osint

Tetris game app used to distribute PyXie Python RAT

admin
Automated External Sonar Scanning Workflow with InsightVM 2

Automated External Sonar Scanning Workflow with InsightVM

admin