| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040726235704.GJ655@debian.local> From: dirk at pirschel.de (Dirk Pirschel) Subject: Security hole in Confixx backup script Hi, * Dirk Pirschel wrote on Fri, 25 Jun 2004 at 15:08 +0200: > A malicious backup request via the webinterface might be used by any > user to read files located in /root (which is the default installation > directory of confixx). Confixx does a "cd $dir; tar czf ..." without any error checking. If the target directory does not exist, the backup is done in the current working directory, which is /root. It is possible to retrieve *any* directory by replacing $HOME/files or $HOME/html with a symlink. > If you are using confixx, you should disable the backup script. -Dirk -- Linux - Life is too short for reboots -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040727/5cecd3ac/attachment.bin
Powered by blists - more mailing lists