Re: List /home directory without logging in?
From: Jem Berkes (jb_at_users.pc9.org)
Date: 07/05/04
- Next message: Security Alert: "SSRT4775 rev.2 HP-UX Apache PHP Denial of Service (DoS)"
- Previous message: Steve Kemp: "Re: List /home directory without logging in?"
- In reply to: Alan Baker: "List /home directory without logging in?"
- Next in thread: Gandalf Parker: "Re: List /home directory without logging in?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 5 Jul 2004 13:31:31 GMT
> How could someone list /home without logging in? Is there a known
> vuln I'm missing?

Likely, any uid can list /home because of the permissions on it. Mode 755
on /home lets any user list the contents and this is not unusual in itself.

Any application that isn't chrooted and lets a remote user execute commands
(even if it is under nobody's uid) can list /home, and that _is_ a problem.
An insecure PHP or CGI application for instance.

Listing /home doesn't do much good, other than helping determine which user
accounts exist. Viewing /etc/passwd would have done the same thing.

-- Jem Berkes http://www.sysdesign.ca/
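
The permission point in the message above, as an added audit example that is not part of the original post: it reports what the "other" class (which covers an unprivileged service uid such as nobody) may do on /home and on each directory below it. The function names are hypothetical, and only the classic mode bits shown by `ls -ld` are read, so ACLs and chroot confinement are not taken into account.

```shell
#!/bin/sh
# Added example: classify what the "other" permission class may do on a directory.
# Read bit    -> entry names can be listed (what mode 755 grants on /home).
# Search bit  -> the directory can be entered and known names accessed.

other_access() {
    # $1 = directory; prints list+enter, enter-only, names-only or none.
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 1
    r=$(printf '%s' "$perms" | cut -c8)    # other read
    x=$(printf '%s' "$perms" | cut -c10)   # other search (t = search + sticky)
    case "$r" in r) r=1 ;; *) r=0 ;; esac
    case "$x" in x|t) x=1 ;; *) x=0 ;; esac
    if   [ "$r" = 1 ] && [ "$x" = 1 ]; then echo "list+enter"
    elif [ "$x" = 1 ]; then echo "enter-only"   # e.g. mode 711
    elif [ "$r" = 1 ]; then echo "names-only"
    else echo "none"                            # e.g. mode 700 or 750
    fi
}

audit_homes() {
    # $1 = base directory (defaults to /home); one "access<TAB>path" line each.
    base=${1:-/home}
    printf '%s\t%s\n' "$(other_access "$base")" "$base"
    for d in "$base"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        printf '%s\t%s\n' "$(other_access "$d")" "$d"
    done
}

# Run as: sh script.sh audit [base]
if [ "${1:-}" = "audit" ]; then
    audit_homes "${2:-/home}"
fi
```

A base directory reported as enter-only (mode 711) still lets each user reach their own home but does not give out the account names through a directory listing; as the message notes, /etc/passwd remains readable either way.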