Re: some permission problem?

From: Barry Irwin (bvi_at_itouchlabs.com)
Date: 05/07/03

    To: "SB CH" <chulmin2@hotmail.com>, <security-basics@securityfocus.com>
    Date: Wed, 7 May 2003 17:15:29 +0200
    
    

    Hi

    I would assume that you are running some kind of Unix platform. You should
    have a look at your HTTP server configuration as well as the log files, and
    try to determine how the person grabbed the password file. A number of
    older webservers were vulnerable to the so-called '..' or directory
    traversal, whereby the person could do the following:

    Given that the webserver webroot "/" is in /usr/www, they can send a request
    for /../../etc/passwd. Using normal Unix directory traversal, the passwd
    file would be retrieved.

    I would suggest you investigate whether your web server is vulnerable to
    this problem first off, and possibly whether you are able to correct this.
    However, without further information it's difficult to provide further
    assistance.

    Barry

    --
    Barry Irwin         bvi@itouchlabs.com                    Tel: +27214875178
    Systems Administrator: Networks And Security
    iTouch Technology
    iTouch TAS      http://www.itouchlabs.com         Mobile: +27824457210
    ----- Original Message -----
    From: "SB CH" <chulmin2@hotmail.com>
    To: <security-basics@securityfocus.com>
    Sent: Tuesday, May 06, 2003 9:29 AM
    Subject: some permission problem?
    > Hello, all.
    >
    > I found that some malicious man browsed the /etc/passwd file via httpd.
    > So I would like to block viewing of the /etc/passwd file under the
    > nobody (http user) permissions.
    > But as you know, any shell login users should have read permission.
    >
    > So, is there any method to enable this?
    >
    > I think the only method is that all users except nobody are members of
    > some group, and only group members can read the /etc/passwd file, right?
    > But this work is so, so hard on my system.
    >
    > Also, I saw that some commercial host-based IPS can do this.
    >
    > Is any patch available?
    >
    >
    > Thanks in advance, and sorry for my poor English.
    >
    >
    ---------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry's most
    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL
    INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
    utilization of pertinent security tools. For a limited time you can enter
    for a chance to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-security-basics
    ----------------------------------------------------------------------------
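The traversal Barry describes, and the log review he recommends, as an added example that is not part of the original thread or of any web server's code. It takes the webroot /usr/www and the /../../etc/passwd request from his message; everything else (the function names, the Common Log Format sample lines, the 192.0.2.0/24 client addresses) is constructed for the illustration. It shows the string-concatenation mapping an older server got wrong beside a mapping that refuses any request resolving outside the webroot, then runs a detection pass over sample access-log lines to find who asked for the password file and whether the server answered 200.

```python
"""Added example (not from the original post): the '..' traversal from the
thread, shown from the defender's side.

  1. naive_map / safe_map: the URL-to-file mapping an older server got wrong,
     beside a mapping that refuses anything resolving outside the webroot.
  2. find_traversal_attempts: the log check Barry recommends, run over
     constructed Common Log Format lines.

Webroot /usr/www comes from the post; every log line below is constructed.
"""
import posixpath
import re
from urllib.parse import unquote

WEBROOT = "/usr/www"   # the example webroot used in the post


def naive_map(webroot, request_path):
    """How a vulnerable server mapped a URL: concatenate, then let the OS
    resolve '..'.  /usr/www + /../../etc/passwd resolves to /etc/passwd."""
    return posixpath.normpath(webroot + request_path)


def safe_map(webroot, request_path):
    """Decode the request, normalise '.'/'..' lexically, and accept the result
    only if it still lies at or below the webroot.  Returns None on escape.
    (Purely lexical so it runs anywhere; a real server should additionally
    resolve symlinks with os.path.realpath before the same containment check.)"""
    decoded = unquote(request_path)                     # %2e%2e -> ..
    root = posixpath.normpath(webroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None                                     # escaped the webroot
    return candidate


# Common Log Format: client ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# A whole '..' path segment, raw or percent-encoded, with either slash style
TRAVERSAL_RE = re.compile(
    r"(?:^|[\\/]|%2f|%5c)(?:\.\.|%2e%2e)(?:[\\/]|%2f|%5c|$)", re.IGNORECASE)

# Constructed access-log sample; 192.0.2.0/24 is the documentation range.
CONSTRUCTED_LOG = [
    '192.0.2.10 - - [06/May/2003:09:12:01 +0900] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [06/May/2003:09:13:44 +0900] "GET /../../etc/passwd HTTP/1.0" 200 1882',
    '192.0.2.77 - - [06/May/2003:09:13:59 +0900] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 200 1882',
    '192.0.2.10 - - [06/May/2003:09:15:02 +0900] "GET /images/logo.gif HTTP/1.0" 200 512',
]


def find_traversal_attempts(log_lines, webroot=WEBROOT):
    """Return (client, requested path, status) for each request whose path
    contains a dot-dot segment or would map outside the webroot.  A 200 on
    such a line means the server actually served the file."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue   # not a request line in the expected format; skip it
        client, _method, path, status = m.groups()
        if TRAVERSAL_RE.search(path) or safe_map(webroot, path) is None:
            hits.append((client, path, int(status)))
    return hits


if __name__ == "__main__":
    print("naive:", naive_map(WEBROOT, "/../../etc/passwd"))   # /etc/passwd
    print("safe: ", safe_map(WEBROOT, "/../../etc/passwd"))    # None
    for client, path, status in find_traversal_attempts(CONSTRUCTED_LOG):
        print(f"{client} requested {path!r} -> HTTP {status}")
```

The containment test is the important part: a server that normalises first and then checks the result against the webroot cannot be walked out of it, whereas string concatenation followed by the OS resolving '..' is exactly the bug. In the log pass, a traversal request that the server answered with 200 is the line to act on first, since it means the file was actually returned.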
