CVE-2001-0859
Description
The 2.4.3-12 kernel in the Red Hat Linux 7.1 Korean installation program sets the default umask for init to 000, which installs files with world-writeable permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Red Hat Linux 7.1 Korean installer sets umask to 000, causing world-writable files.
Vulnerability
The 2.4.3-12 kernel in the Red Hat Linux 7.1 Korean installation program incorrectly sets the default umask for init to 000. Because a umask of 000 masks out no permission bits, all subsequently installed files are created world-writable, with write access granted to all users. The affected versions are Red Hat Linux 7.1 with the Korean installation option [1].
Exploitation
An attacker with local access to the system can exploit this misconfiguration without authentication. The attacker only needs to have a user account on the system. Since the umask is set to 000 for init, all files created during the installation (and potentially later system processes) will have permissions that allow any local user to write to them. The attacker can then modify critical system files (such as executables or configuration files) to escalate privileges or introduce malicious code [1].
Impact
Successful exploitation allows a local attacker to write to files that should normally be protected. This can lead to arbitrary code execution with elevated privileges (root), as the attacker can overwrite system binaries or configuration files. The confidentiality, integrity, and availability of the system are all compromised, as the attacker can read, modify, or disrupt any data or processes [1].
Mitigation
Red Hat released an advisory (RHSA-2001:148) with updated packages. The fix involves correcting the umask setting to a secure default (typically 022). Users should upgrade to the patched kernel version provided by Red Hat. As a workaround, administrators can manually set the umask to a secure value in system initialization scripts. No known KEV listing exists for this CVE [1].
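One way to check a host for the condition described above, as an added example that is not taken from Red Hat's advisory or this page's sources: it reads init's umask and lists world-writable regular files. The function names and the sample files are constructed for illustration; the `Umask` field it reads exists only on Linux 4.7 and later, so on older kernels only the file listing applies.

```shell
#!/bin/sh
# Added example: audit a host for the effects of a umask of 000.

# Succeeds when MASK (octal, e.g. 000 or 022) leaves the "other write" bit
# (002) uncleared, so newly created files can end up world-writable.
umask_allows_world_write() {
    [ $(( 0$1 & 002 )) -eq 0 ]
}

# Print the umask of PID 1. The Umask field in /proc/PID/status exists on
# Linux 4.7 and later; where it is missing this prints nothing.
init_umask() {
    awk '/^Umask:/ { print $2 }' /proc/1/status 2>/dev/null
}

# List regular files under DIR that any local user may write to.
# -xdev keeps the walk on one filesystem; symlinks are not followed.
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 -print | sort
}

# Constructed sample: one file created under the flawed umask (000) and one
# under the secure default named in the mitigation (022).
demo() {
    dir=$(mktemp -d) || return 1
    ( umask 000; : > "$dir/created_with_000.conf" )
    ( umask 022; : > "$dir/created_with_022.conf" )
    find_world_writable "$dir"   # only the 000 file is reported
    rm -rf "$dir"
}

mask=$(init_umask)
if [ -n "$mask" ] && umask_allows_world_write "$mask"; then
    echo "WARNING: init umask is $mask; new files may be world-writable"
fi

# With directory arguments, audit them; with none, run the constructed sample.
if [ "$#" -gt 0 ]; then
    for d in "$@"; do find_world_writable "$d"; done
else
    demo
fi
```

Run it as root with system directories as arguments to review what an installation left behind; correcting the umask does not change the mode of files that already exist.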
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: 7.1
Patches (0)
No patches discovered yet.
References (4)
News mentions (0)
No linked articles in our index yet.