COMMAND

    ARCAD package

SYSTEMS AFFECTED

    The Linux ARCAD package (at least arcad-0.078-5)

PROBLEM

    Brock Tellier found the following.  The Linux ARCAD package (at
    least arcad-0.078-5) from ARCAD Systemhaus unpacks with insecure
    file permissions.  By default, all directories, binaries and
    scripts are mode 777 and all non-executables are mode 666.  This,
    of course, opens up the possibility of a trojan horse attack if a
    malicious user modifies these binaries and scripts.

SOLUTION

    The fix, of course, is to configure secure file modes: 755 for
    directories, binaries and scripts, and 644 for non-executables.
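
    One way to check an unpacked tree and apply the modes above, as an
    added example (not part of the original advisory or the ARCAD
    package).  The install directory is not named in the advisory, so
    it is passed as an argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and repair the file modes of an unpacked package tree.
# Usage: sh fixperms.sh DIR [--fix]   (DIR is an assumption; the advisory
# does not say where the package unpacks.)

# Print every entry that is world-writable. Symlinks are skipped because
# their own mode bits are not used for access checks.
audit_tree() {
    find "$1" ! -type l -perm -0002 -print
}

# Apply the advisory's modes: 755 for directories and for anything with an
# execute bit set (binaries and scripts), 644 for all other regular files.
# find does not follow symlinks by default, so targets outside the tree
# are left alone.
fix_tree() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
        -exec chmod 755 {} +
    find "$1" -type f ! -perm -0100 ! -perm -0010 ! -perm -0001 \
        -exec chmod 644 {} +
}

# Stand-alone use: list the world-writable entries, repair only on request.
if [ -n "${1:-}" ]; then
    audit_tree "$1"
    if [ "${2:-}" = "--fix" ]; then
        fix_tree "$1"
    fi
fi
```

    Resetting the modes does not undo changes made while the tree was
    writable; if other users had access to the system, unpack a fresh
    copy before applying the fix.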