Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Subject: Roxen Web Server Vulnerability
Date: Fri Jul 21 2000 - 02:48:18 CDT

Hi all,

Excuse-me for my poor english :)
I discover two problems in Roxen Web server 2.0.46 (and certainly prior).
Perhaps it doesn't important.

* First problem:
Suppose that Roxen is installed by default in /usr/local, the
/usr/local/roxen/configurations/_configinterface/settings/administrator_uid file
holds the crypt password of the Web server's administrator.
By default, the permissions are on 644. So, it allows a local user to read and
decrypt the password.

* Second problem:
If you typed the URL: http://www.victim.com/%00/, you will see the contents of site
in question. This vulnerability was directly tested on the Roxen's web site:

Web Site : http://www.nightbird.fr.st