Bugtraq mailing list archives
Re: Cobalt root exploit
From: vermont () GATE NET (Illuminatus Primus)
Date: Fri, 26 Feb 1999 22:27:49 -0500
+----[ On Thu, Feb 25, at 05:15PM(-0500), xs wrote: ]--------------
| The Fix:
|
| Cobalt has released a security patch in the form of a
| package file that is installed through the web interface.
| The package file changes file permissions for all hidden
| files other than .htaccess in user home directories.
| Package files are available at:
| ftp://ftp.cobaltnet.com/pub/security or on our website
| at: ShellHistoryPatch-1.0.pkg.
+----[ End Quote ]---------------------------

This doesn't sound like a very good permanent fix; dotfiles can spring into
existence at any moment! You'd have to keep running this fix over and over
to stop new files from being available over the web.

What Cobalt could do to permanently stop dotfiles from getting out onto the
net is to add the following to Apache's conf file:

<FilesMatch "^\.">
    order allow,deny
    deny from all
</FilesMatch>

This would prevent any file beginning with a dot from being allowed out
through the web.
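
Added example, not part of the original post: an audit of a web-served directory showing which files the FilesMatch rule above denies. Apache applies <Files>/<FilesMatch> to a file's basename only, so the script also lists files that sit under a dot-directory without a leading dot of their own. The function names and the sample tree are constructed for illustration.

```python
import os
import re
import tempfile

# Same pattern as the <FilesMatch "^\."> rule in the post. Apache applies
# <Files>/<FilesMatch> to the basename (last path component) only.
DOTFILE_RE = re.compile(r"^\.")

def blocked_by_filesmatch(path):
    """True if the rule would deny this file (its basename starts with a dot)."""
    return DOTFILE_RE.search(os.path.basename(path)) is not None

def audit(docroot):
    """Walk docroot; return (blocked, uncovered) lists of relative paths.

    'uncovered' = files under a dot-directory whose own name does not start
    with a dot, so the basename rule alone does not deny them.
    """
    blocked, uncovered = [], []
    for dirpath, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(dirpath, docroot)
        parts = [p for p in rel_dir.split(os.sep) if p != "."]
        in_dot_dir = any(p.startswith(".") for p in parts)
        for name in files:
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if blocked_by_filesmatch(rel):
                blocked.append(rel)
            elif in_dot_dir:
                uncovered.append(rel)
    return sorted(blocked), sorted(uncovered)

def build_sample_tree(root):
    """Constructed sample home directory (not taken from the post)."""
    for rel in (".bash_history", ".htaccess", "index.html",
                ".ssh/known_hosts", ".ssh/.lock"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        blocked, uncovered = audit(root)
        print("denied by rule:", blocked)
        print("under dot-directory, not denied:", uncovered)
```

Anything reported in the second list needs its own rule (for example one scoped to the directory) or a permissions fix.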