|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-Disclosure] Security hole in Confixx backup script
From: Dirk Pirschel (dirk
pirschel.de)
Date: Mon Jul 26 2004 - 18:57:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi,
* Dirk Pirschel wrote on Fri, 25 Jun 2004 at 15:08 +0200:
> A malicious backup request via the webinterface might be used by any
> user to read files located in /root (which is the default installation
> directory of confixx).
Confixx does a "cd $dir; tar czf ..." without any error checking. If
the target directory does not exist, the backup is done in the current
working directory, which is /root.
It is possible to retrieve *any* directory by replacing $HOME/files or
$HOME/html with a symlink.
> If you are using confixx, you should disable the backup script.
-Dirk
--
Linux - Life is too short for reboots
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQFBBZpPxJ5Dfiog8/YRAjNZAJ40Ge3MrmuFpg+83dU3mPI608zTcQCfYjeC
+2Ti1TG/HpBybdY3NoZlubs=
=h6go
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]