Full Disclosure mailing list archives
Re: Security hole in Confixx backup script
From: Dirk Pirschel <dirk () pirschel de>
Date: Tue, 27 Jul 2004 01:57:04 +0200
Hi, * Dirk Pirschel wrote on Fri, 25 Jun 2004 at 15:08 +0200:
A malicious backup request via the webinterface might be used by any user to read files located in /root (which is the default installation directory of confixx).
Confixx does a "cd $dir; tar czf ..." without any error checking. If the target directory does not exist, the backup is done in the current working directory, which is /root. It is possible to retrieve *any* directory by replacing $HOME/files or $HOME/html with a symlink.
If you are using confixx, you should disable the backup script.
-Dirk -- Linux - Life is too short for reboots
Attachment:
_bin
Description:
Current thread:
- Re: Security hole in Confixx backup script Dirk Pirschel (Jul 26)