Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Confixx Vendors:   SWsoft
Confixx Discloses '/root' Contents to Remote Authenticated Users
SecurityTracker Alert ID:  1010584
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 25 2004
Impact:   Disclosure of system information, Disclosure of user information

Description:   A vulnerability was reported in Confixx. A remote authenticated user may be able to read files in the '/root' directory.

Dirk Pirschel reported that a remote authenticated user can supply a specially crafted backup request via the web interface to view files in '/root'. Files used to build the '/etc/shadow' password file can be obtained, the report said.

The vendor was reportedly notified on June 24, 2004.

Impact:   A remote authenticated user can view the contents of the '/root' directory.
Solution:   No solution was available at the time of this entry.

The author of the report recommends that, as a workaround, you disable the backup script.

Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-Disclosure] Security hole in Confixx backup script

Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable


I found a security hole in Confixx.  A malicious backup request via the
webinterface might be used by any user to read files located in /root
(which is the default installation directory of confixx).

The most interesting files you can retrieve with this attack are:
These files are used to build /etc/shadow, i.e. they contain all
(encrypted) passwords used on this host.

SWSoft has been informed yesterday at 22:30 (CET).

If you are using confixx, you should disable the backup script.


Linux - The choice of a GNU generation

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see



Full-Disclosure - We believe in it.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC