Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages.