lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: dirk at pirschel.de (Dirk Pirschel)
Subject: Security hole in Confixx backup script

Hi,

* Dirk Pirschel wrote on Fri, 25 Jun 2004 at 15:08 +0200:

> A malicious backup request via the webinterface might be used by any
> user to read files located in /root (which is the default installation
> directory of confixx).

Confixx does a "cd $dir; tar czf ..." without any error checking.  If
the target directory does not exist, the backup is done in the current
working directory, which is /root.

It is possible to retrieve *any* directory by replacing $HOME/files or
$HOME/html with a symlink.

> If you are using confixx, you should disable the backup script.

-Dirk

-- 
Linux - Life is too short for reboots
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040727/5cecd3ac/attachment.bin

Powered by blists - more mailing lists