COMMAND

    HTTProtect

SYSTEMS AFFECTED

    HTTProtect 1.1

PROBLEM

    Following  is  based  on  a  SNS  Advisory No.37.  HTTProtect is a
    security product released by Omnisecure which prevents users  from
    changing and deleting file on the ext2 file system.

    Even  if  attackers  gain  root  privilege,  it prevents them from
    changing or  deleting protected  files.   But there  is a  problem
    which  attackers   can  change   protected  files   bypassing  the
    access-control.

    Even if attackers have the root privilege, protected files  cannot
    be  changed,  but  they  can  change  protected  files under these
    conditions:
    1. Attackers can make symlink in a writable directory(ex. /tmp)
    2. They  are  the  owner  of  the  target  file or they have  root
       privilege.

    Example (A protected file is /opt/www/html/index.html):

        $ ln -s /opt/www/html/index.html /tmp/foo
        $ vi /tmp/foo (cat /tmp/hack.html > /tmp/foo)

SOLUTION

    Patch is available on Omnisecure Web site now:

        http://www.omnisecure.com/products/http/Linux/1.1.1/index.htm