Insecure Write Permissions On Executable Files (Doc ID 2124970.1)

Last updated on NOVEMBER 13, 2019

Applies to:

Oracle Enterprise Single Sign-On Suite Plus - Version and later
Information in this document applies to any platform.


Customers have detected insecure permissions in their ESSO environment. Services configured to use an executable with weak permissions are vulnerable to privilege escalation attacks. A non-privileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation.

The following questionable permissions were observed:

Path : <DRIVE:>\program files\common files\passlogix\notificationservice\notificationsvc.exe
Used by services : SSO Notification Service
File write allowed for groups : Users

Path : <DRIVE:>\program files\passlogix\v-go sso\sessionmanager\smregistryservice.exe
Used by services : SMRegistryService.exe
File write allowed for groups : Users

Path : <DRIVE:>\program files\passlogix\v-go sso\sessionmanager\ssosmservice.exe
Used by services : SSOSMService.exe
File write allowed for groups : Users
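
A read-only audit that reports findings of this kind, as an added example (not Oracle's code and not part of the original document). The function names are hypothetical, and the set of principals treated as low-privileged is an assumption to adjust for your environment.

```powershell
# Added example. Function names are hypothetical; run elevated so every ACL is readable.
# Well-known SIDs of broad, non-administrative principals (locale-independent).
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'Interactive'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
}
# Rights that allow changing the file's content, replacing it, or rewriting its ACL.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL, which some ACEs carry unmapped.
$GenericMask = 0x50000000

function Get-ServiceExePath {
    param([string]$PathName)
    # Quoted form: "C:\a b\svc.exe" -arg
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    # Unquoted form: take everything up to the first ".exe"
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Find-WritableServiceExe {
    param([string]$PathFilter = '*')
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like $PathFilter } |
        ForEach-Object {
            $svc = $_
            $exe = Get-ServiceExePath $svc.PathName
            if (-not $exe -or -not (Test-Path -LiteralPath $exe -PathType Leaf)) { return }
            # Resolve ACEs to SIDs so localized group names do not matter.
            $rules = (Get-Acl -LiteralPath $exe).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $rules) {
                $sid = $ace.IdentityReference.Value
                if ($ace.AccessControlType -ne 'Allow' -or -not $LowPrivSids.ContainsKey($sid)) { continue }
                if (([int]$ace.FileSystemRights -band ($WriteMask -bor $GenericMask)) -ne 0) {
                    [pscustomobject]@{
                        Service   = $svc.Name
                        RunsAs    = $svc.StartName
                        Path      = $exe
                        Principal = $LowPrivSids[$sid]
                        Rights    = $ace.FileSystemRights
                    }
                }
            }
        }
}

# Limit the report to the Passlogix paths listed above.
Find-WritableServiceExe -PathFilter '*passlogix*' | Format-Table -AutoSize
```

The script inspects only the ACL of the executable file itself, as the findings above do; it changes nothing on disk.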

What are the ramifications of disabling write permissions on these executable files and only allowing read/execute?