Vulnerability Note VU#302544
Alertus Desktop Notification for OS X sets insecure permissions for configuration and other files
Alertus Desktop Notification for OS X, version 220.127.116.110 and earlier, sets insecure permissions for configuration and other files, which may enable an unprivileged attacker to disable notifications and modify content locally.
CWE-276: Incorrect Default Permissions - CVE-2016-5087
Alertus Desktop Notification is mass emergency notification software designed to receive and display alerts on PC and Mac client systems. Alertus Desktop Notification for OS X, version 18.104.22.1680 and earlier, sets insecure permissions for configuration and other files by default, which may enable an unprivileged, local attacker to disable notifications and modify content.
A local, unprivileged attacker may modify or remove configuration or other files to disable notifications or alter content.
Apply an update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Alertus Technologies||Affected||10 May 2016||22 Jun 2016|
CVSS Metrics (Learn More)
Thanks to Gerrit DeWitt of Georgia State University for reporting this vulnerability.
This document was written by Joel Land.
- CVE IDs: CVE-2016-5087
- Date Public: 23 Jun 2016
- Date First Published: 23 Jun 2016
- Date Last Updated: 23 Jun 2016
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.