Bugtraq archives for 1st quarter (Jan-Mar) 1996: [Fwd: HTTPd 1.5a Security Hole!!! (fwd)]
[Fwd: HTTPd 1.5a Security Hole!!! (fwd)]
Rogue Agent (
agent
l0pht.com)
Tue, 6 Feb 1996 19:28:04 -0500
---------- Forwarded message ----------
Date: Tue, 6 Feb 1996 17:47:08 -0600
From: John P. Nelson <jnelsonINTERNOC.COM>
To: Multiple recipients of list IAP <IAPVMA.CC.ND.EDU>
Subject: HTTPd 1.5a Security Hole!!!
VERY IMPORTANT for Internet Service Providers using linux, providing
public WWW space!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--------------------------------------------------------------------
FROM: The InterNetwork Operating Company, Inc.
RE: InterNOC Security Advisory
Known Affected Systems:
Linux 1.2.8 using NCSA HTTPd 1.5a
Description:
The InterNetwork Operating Company has discovered a security hole
related to Linux 1.2.8 and NCSA HTTPd 1.5a. In affected systems, the
NCSA server, running as nobody/nogroup is able to access any files that are
mode ?00 (readable only by owner).
The security hole is known to occur through symbolic links as
well as through aliases specified in the srm.conf file.
It is known that through properly placed symbolic links, it is
possible to obtain the shadow password file, user mail files, etc. This
is extermely important for public Internet Service Providers that provide
users with WWW space.
This same security hole has been tested on BSDI 2.0.1, which does
not appear to be affected. It has not yet been tested on other systems
or with other http servers.
jnelsoninternoc.com
John Nelson
The InterNetwork Operating Company, Inc.
