Posted on Jun 8, 2012 by Quick Bear
What steps will reproduce the problem?
- From Android shell: ls -l -a /data/data/com.googlecode.droidwall.free/app_bin/droidwall.sh
- Notice that droidwall.sh is globally writable and that it is executed as root by the application
What is the expected output? What do you see instead?
This file should not be globally readable, writable or executable. Because it is globally writable, any application can write into that file, allowing for the possible execution of arbitrary commands as root.
What version of the product are you using? On what operating system?
Version 1.5.7 on GINGERBREAD 2.3.6
Please provide any additional information below.
Discovered by Tyrone Erasmus - MWR Labs
Status: New
Labels: Type-Defect, Priority-Medium
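
A defensive check for the condition reported above, as an added example that is not part of the original report or of DroidWall's code: it lists world-writable files under a directory and restricts a script to its owner. The function names and the temp directory are constructed for the demo, and a POSIX shell with find, chmod and mktemp is assumed.

```shell
#!/bin/sh
# Added example: audit a directory for world-writable files and tighten them.
# On a device the directory would be the app_bin directory named in the report;
# here a temp directory stands in for it (constructed sample).

# Print every regular file under $1 that any user may write to (mode bit o+w).
list_world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null
}

# Return 0 when nothing under $1 is world-writable, 1 otherwise.
audit_dir() {
    found=$(list_world_writable "$1")
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/world-writable: /' >&2
        return 1
    fi
    return 0
}

# Restrict an existing script to its owner (rwx for owner, nothing for others).
harden_script() {
    chmod 0700 "$1"
}

# Create a script that is owner-only from the first byte written, so there is
# no window in which another user could modify it. $1 = path, $2 = content.
write_private_script() {
    ( umask 077 && printf '%s\n' "$2" > "$1" ) && chmod 0700 "$1"
}

# Constructed demo: reproduce the reported file mode, audit, fix, audit again.
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n' > "$d/droidwall.sh"
    chmod 0777 "$d/droidwall.sh"
    audit_dir "$d" || echo "before: world-writable script found"
    harden_script "$d/droidwall.sh"
    audit_dir "$d" && echo "after: clean"
    rm -rf "$d"
}
demo
```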