Re: some permission problem?
From: Barry Irwin (bvi_at_itouchlabs.com)
Date: 05/07/03
- Previous message: Jerry M. Howell II: "Re: FW: block internet at two workstations"
- In reply to: SB CH: "some permission problem?"
- Next in thread: SB CH: "Re: some permission problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "SB CH" <chulmin2@hotmail.com>, <security-basics@securityfocus.com> Date: Wed, 7 May 2003 17:15:29 +0200
Hi
I would assume that you are running some kind of unix platform. You should
have a look at your HTTP server configuration as well as the log files, and
try and determine how the person grabbed the password file. A number of
older webservers were vulnerable to the so-called '..' or directory
traversal whereby they person could do the following:
Given that the webserver webroot "/" is in /usr/www, they can send a request
for /../../etc/passwd. Using normal Unix directory traversal, the passwd
file would be retrieved.
I would suggest you investigate whether your web server is vulnerable to
this problem first off, and possibly if you are able to correct this.
However without further information its difficult to provide further
assistance.
Barry
-- Barry Irwin bvi@itouchlabs.com Tel: +27214875178 Systems Administrator: Networks And Security iTouch Technology iTouch TAS http://www.itouchlabs.com Mobile: +27824457210 ----- Original Message ----- From: "SB CH" <chulmin2@hotmail.com> To: <security-basics@securityfocus.com> Sent: Tuesday, May 06, 2003 9:29 AM Subject: some permission problem? > Hello, all. > > I found that some malicious man browsed /etc/passwd file by httpd. > So I would like to block to see /etc/passwd file by nobody(http user) > permission. > but as you know, any shell logging users should have read permission. > > So, is there any method to enable this? > > I think that only one method that all users are some group member except > nobody. and only group members can read the /etc/passwd file, right? > but this work is so so hard at my system. > > Also, I saw that some commercial host baed ips can do this. > > any patch is available? > > > Thanks in advance and sorry for poor english. > > > _________________________________________________________________ > Ã¥»óÀ§¿¡ ´Ù¸® ¿Ã¸®°í ´À±ßÇÏ°Ô Áñ±ä´Ù... MSN ¿Â¶óÀÎ »ó¿µ°ü > http://vod.msn.co.kr > > > -------------------------------------------------------------------------- - > FastTrain has your solution for a great CISSP Boot Camp. The industry's most > recognized corporate security certification track, provides a comprehensive > prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization > of pertinent security tools. For a limited time you can enter for a chance > to win one of the latest technological innovations, the SEGWAY HT. > Log onto http://www.securityfocus.com/FastTrain-security-basics > -------------------------------------------------------------------------- -- > > > > --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
- Previous message: Jerry M. Howell II: "Re: FW: block internet at two workstations"
- In reply to: SB CH: "some permission problem?"
- Next in thread: SB CH: "Re: some permission problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
