SnortCenter 0.9.5, when configured to push Snort rules, stores the rules in a temporary file with world-readable and world-writable permissions, which allows local users to obtain usernames and passwords for the alert database servers.Referenceshttp://www.iss.net/security_center/static/10540.phphttp://www.securityfocus.com/bid/6109http://online.securityfocus.com/archive/1/298587
