SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Confixx Vendors:  SWsoft
Confixx Discloses '/root' Contents to Remote Authenticated Users
SecurityTracker Alert ID:  1010584
SecurityTracker URL:  http://securitytracker.com/id?1010584
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 25 2004
Impact:  Disclosure of system information, Disclosure of user information
Description:  A vulnerability was reported in Confixx. A remote authenticated user may be able to read files in the '/root' directory.

Dirk Pirschel reported that a remote authenticated user can supply a specially crafted backup request via the web interface to view files in '/root'. Files used to build the '/etc/shadow' password file can be obtained, the report said.

The vendor was reportedly notified on June 24, 2004.
Impact:  A remote authenticated user can view the contents of the '/root' directory.
Solution:  No solution was available at the time of this entry.

The author of the report recommends that, as a workaround, you disable the backup script.
Vendor URL:  www.sw-soft.com/en/products/confixx/ (Links to External Site)
Cause:  Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  Dirk Pirschel <dirk@pirschel.de>
Message History:   None.

 Source Message Contents
Date:  Fri, 25 Jun 2004 15:08:34 +0200
From:  Dirk Pirschel <dirk@pirschel.de>
Subject:  [Full-Disclosure] Security hole in Confixx backup script

 


--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I found a security hole in Confixx.  A malicious backup request via the
webinterface might be used by any user to read files located in /root
(which is the default installation directory of confixx).

The most interesting files you can retrieve with this attack are:
  /root/confixx/safe/shadow.tmp
  /root/confixx/safe/shadow_header
These files are used to build /etc/shadow, i.e. they contain all
(encrypted) passwords used on this host.

SWSoft has been informed yesterday at 22:30 (CET).

If you are using confixx, you should disable the backup script.

-Dirk

--=20
Linux - The choice of a GNU generation

--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFA3CPSxJ5Dfiog8/YRAn3zAJwLwFHsaNu550zImBv6rJdmooL6uwCgiY4Y
R0rGYwd0R6SL6ZGWnDQUpk4=
=oG1O
-----END PGP SIGNATURE-----

--Q68bSM7Ycu6FN28Q--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC