Bugtraq mailing list archives
Re: Verity/Search'97 Security Problems
From: lev () APPLE COM (Lloyd Vancil)
Date: Thu, 16 Jul 1998 07:53:46 -0700
With my setup I can see world readable files but root readable only -/etc/shadow/- get errors. Verity's bug Id is 40663. As of this AM 16 July 98, they promise patch by end of week? It can be worse folks. the stuff comes off the cd owned by root. Lots and lots of it is 0777 that does not have to be. the only saving grace is that their scripting lang does not directly write files. But if the underlying webserver was misconfigured to allow writes you could upload a cgi to the s97 bin directory then use the engine to execute your own code... brrrrr It is a real good idea is to make the s97 stuff is owned by the same user as the httpd server And to make sure that user does not have privs you haven't thought out carefully. Also it would be smart to change the rest of the files to 644 or in some cases 400 L.
I've mentioned this a couple of weeks back to Verity tech support but unfortunatly nothing has happened since. ++ Intro There are two major security holes in the Verity/Search'97 software. The first one is a simple CGI hack that allows anybody with permission to execute the s97_cgi CGI script to look at files on the webserver. The second security problem is an authorization problem with the tasmgr application.
..snip lev@ _/_/_/_/ _/_/_/_/ _/_/_/_/ _/ _/_/_/ searchmaster@ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/_/_/ .com _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/ _/_/_/
Current thread:
- Verity/Search'97 Security Problems Stefan Arentz (Jul 14)
- <Possible follow-ups>
- Re: Verity/Search'97 Security Problems Lloyd Vancil (Jul 16)
- Re: Verity/Search'97 Security Problems Jay Soffian (Jul 16)
- Re: Verity/Search'97 Security Problems Jay Soffian (Jul 16)
- Re: Verity/Search'97 Security Problems Joe D'Andrea (Jul 20)
- Re: Verity/Search'97 Security Problems Joe D'Andrea (Jul 22)