SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Confixx Vendors:   SWsoft
Confixx Discloses '/root' Contents to Remote Authenticated Users
SecurityTracker Alert ID:  1010584
SecurityTracker URL:  http://securitytracker.com/id/1010584
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 25 2004
Impact:   Disclosure of system information, Disclosure of user information


Description:   A vulnerability was reported in Confixx. A remote authenticated user may be able to read files in the '/root' directory.

Dirk Pirschel reported that a remote authenticated user can supply a specially crafted backup request via the web interface to view files in '/root'. Files used to build the '/etc/shadow' password file can be obtained, the report said.

The vendor was reportedly notified on June 24, 2004.

Impact:   A remote authenticated user can view the contents of the '/root' directory.
Solution:   No solution was available at the time of this entry.

The author of the report recommends that, as a workaround, you disable the backup script.

Vendor URL:  www.sw-soft.com/en/products/confixx/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] Security hole in Confixx backup script



--Q68bSM7Ycu6FN28Q
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I found a security hole in Confixx.  A malicious backup request via the
webinterface might be used by any user to read files located in /root
(which is the default installation directory of confixx).

The most interesting files you can retrieve with this attack are:
  /root/confixx/safe/shadow.tmp
  /root/confixx/safe/shadow_header
These files are used to build /etc/shadow, i.e. they contain all
(encrypted) passwords used on this host.

SWSoft has been informed yesterday at 22:30 (CET).

If you are using confixx, you should disable the backup script.

-Dirk

--=20
Linux - The choice of a GNU generation

--Q68bSM7Ycu6FN28Q
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFA3CPSxJ5Dfiog8/YRAn3zAJwLwFHsaNu550zImBv6rJdmooL6uwCgiY4Y
R0rGYwd0R6SL6ZGWnDQUpk4=
=oG1O
-----END PGP SIGNATURE-----

--Q68bSM7Ycu6FN28Q--

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC