|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Roxen Web Server Vulnerability
From: zorgon
SDF.FREESHELL.ORGDate: Fri Jul 21 2000 - 02:48:18 CDT
- Next message: Alan DeKok: "StackGuard with ... Re: [Paper] Format bugs."
- Previous message: Mark Lastdrager: "quick Postfix check for Outlook date exploit"
- Next in thread: Max Vision: "Re: Roxen Web Server Vulnerability"
- Reply: Max Vision: "Re: Roxen Web Server Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,
Excuse-me for my poor english :)
I discover two problems in Roxen Web server 2.0.46 (and certainly prior).
Perhaps it doesn't important.
* First problem:
Suppose that Roxen is installed by default in /usr/local, the
/usr/local/roxen/configurations/_configinterface/settings/administrator_uid file
holds the crypt password of the Web server's administrator.
By default, the permissions are on 644. So, it allows a local user to read and
decrypt the password.
* Second problem:
If you typed the URL: http://www.victim.com/%00/, you will see the contents of site
in question. This vulnerability was directly tested on the Roxen's web site:
http://www.roxen.com
-- zorgon
- Next message: Alan DeKok: "StackGuard with ... Re: [Paper] Format bugs."
- Previous message: Mark Lastdrager: "quick Postfix check for Outlook date exploit"
- Next in thread: Max Vision: "Re: Roxen Web Server Vulnerability"
- Reply: Max Vision: "Re: Roxen Web Server Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]