COMMAND

    ASP

SYSTEMS AFFECTED

    Chili!Soft ASP

PROBLEM

    Jim Sander  found following.   The license  file, if  you use  the
    "web console" utility to install/update your server license,  will
    be installed with world-write permission.

    If that file is corrupted or removed chilisoft services will  stop
    functioning due to a license violation.  Anyone who has a shell or
    file write access (or can get it) on the server can zap that  file
    to  effectively  remove  your  web  server's  ASP   functionality.
    Non-ASP should continue to function though.

    This is (at least should  be) a known problem since  the following
    instruction is a quote from their install procedure...
    >> 3. The LICENSE.LIC file must have 777 permissions.

SOLUTION

    If you ignore  their directions and  perform an update  "manually"
    you won't have this problem, since the file will be root:root mode
    644.  The server appears to function fine with this configuration,
    although anyone can still potentially copy your server license.