Re: [Full-Disclosure] Security hole in Confixx backup script
From: Dirk Pirschel (dirk_at_pirschel.de)
Date: 07/27/04
To: full-disclosure@lists.netsys.com
Date: Tue, 27 Jul 2004 01:57:04 +0200

Hi,

* Dirk Pirschel wrote on Fri, 25 Jun 2004 at 15:08 +0200:

> A malicious backup request via the webinterface might be used by any
> user to read files located in /root (which is the default installation
> directory of confixx).

Confixx does a "cd $dir; tar czf ..." without any error checking. If
the target directory does not exist, the backup is done in the current
working directory, which is /root.

It is possible to retrieve *any* directory by replacing $HOME/files or
$HOME/html with a symlink.

> If you are using confixx, you should disable the backup script.

-Dirk

--
Linux - Life is too short for reboots
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
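
The unchecked "cd $dir; tar czf ..." pattern and the symlink swap described in the message above, next to a checked variant, as an added example that is not part of the original post and is not Confixx code. The function names, return codes and temporary fixture paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Confixx code. All paths are constructed test fixtures.

# The pattern from the post: a failed cd is ignored, so the archive step
# would run in the caller's working directory. Prints the directory that
# "tar czf ... ." would archive instead of actually running tar.
unchecked_target() {            # $1 = requested backup directory
    ( set +e; cd "$1" 2>/dev/null; pwd -P )
}

# Checked form: every step is tested, and the source must be a real
# directory (not a symlink) that resolves inside the user's home.
backup_checked() {              # $1 = home, $2 = files|html, $3 = archive
    home=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    src="$home/$2"
    if [ -L "$src" ]; then return 2; fi                    # symlink swapped in
    real=$(cd "$src" 2>/dev/null && pwd -P) || return 3    # missing directory
    case "$real" in "$home"/*) ;; *) return 4 ;; esac      # escaped the home
    tar czf "$3" -C "$real" .
}

# Constructed fixture: a fake home with html/, a "secret" directory outside
# it, and files/ replaced by a symlink pointing at that outside directory.
make_fixture() {                # prints the fixture root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/home/html" "$root/secret"
    echo index > "$root/home/html/index.html"
    echo key > "$root/secret/id_rsa"
    ln -s "$root/secret" "$root/home/files"
    echo "$root"
}

demo() (                        # subshell body: leaves the caller's cwd alone
    root=$(make_fixture) || exit 1
    cd "$root/secret" || exit 1 # stands in for the /root working directory
    echo "unchecked, missing dir archives: $(unchecked_target "$root/home/nope")"
    backup_checked "$root/home" nope  "$root/a.tgz"; echo "missing dir rc=$?"
    backup_checked "$root/home" files "$root/b.tgz"; echo "symlink rc=$?"
    backup_checked "$root/home" html  "$root/c.tgz"; echo "real dir rc=$?"
    cd / && rm -rf "$root"
)
demo
```

The symlink test and the tar call are separate steps, so the check narrows the problem rather than closing it; running the archive step under the account owner's uid also limits what a swapped symlink can reach.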