Vulnerability Development mailing list archives
Re: Bug in Apache 1.3.20 Server - Hackemate Research
From: Carl Schmidt <carl () slackerbsd org>
Date: Mon, 24 Sep 2001 16:20:42 -0400
On Mon, Sep 24, 2001 at 07:37:18PM +0200, Petr Baudis wrote:

> > As you can see, the sess_ files' permissions are -rw------- for user root or www-data (like ja apache is installed). All other users can't read the info (none of the same group nor the other users), only the user running the Apache server itself. So show me where the security leak is? I think it's normal that Apache itself can read the file and no one else can!
>
> Well, IMHO storing a plain-text password is a problem anyway, and against the 'good practices'. Tell me, why are passwords usually stored only in md5 hash form in /etc/shadow? It's readable only for root, so it should be no problem ;-). A possible intruder who gains apache's privileges can read the file and get the plaintext passwords *very* easily, w/o running any brute-force decoder on them. And that's a Bad Thing (tm).

As has been said before -- this is not a problem with apache. Apache doesn't write sess_whatever files... php does when using sessions. If the initial emailer were concerned about where the files are being put, they can edit 'session.save_path' in php.ini. That is, if they're using php (it just seems to be the likely thing...)

-- 
Carl Schmidt
Just like the pied piper led rats through the streets
We dance like marionettes swaying to the symphony of destruction
http://slackerbsd.org/
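The thread makes two defensive points: the session store location is a PHP setting (session.save_path), and a session file should never hold the password itself, only a non-secret identifier, so that whoever can read the web server's files gains nothing reusable. The following is an added example written for this archive page, not code from any poster; find_user() and the /var/lib/php/sessions-private path are assumptions.

```php
<?php
// Added example (not from the thread). Shows the two mitigations discussed:
// 1) put the session store somewhere deliberate via session.save_path, and
// 2) keep only a user id in $_SESSION, never the plaintext password.
// Assumed: find_user($name) returns ['id' => int, 'hash' => string] or null,
// backed by your own user store; the hash comes from password_hash().

// Equivalent to these php.ini lines (path is hypothetical):
//   session.save_path = "/var/lib/php/sessions-private"
//   session.use_strict_mode = 1
//   session.cookie_httponly = 1
ini_set('session.save_path', '/var/lib/php/sessions-private');
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');

function login(string $username, string $password): bool
{
    $user = find_user($username); // assumed helper, see lead-in
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_start();
    session_regenerate_id(true);   // fresh id after authentication
    // Store only the identifier. The thread's complaint was code doing
    // $_SESSION['password'] = $password; which leaves the secret in sess_*.
    $_SESSION['user_id'] = $user['id'];
    return true;
}

// Check that the session directory and its sess_* files are readable by
// the owner alone (0700 / 0600), which is what the poster observed.
function audit_session_dir(string $dir): array
{
    $problems = [];
    if (!is_dir($dir)) {
        $problems[] = "$dir does not exist";
        return $problems;
    }
    $mode = fileperms($dir) & 0777;
    if ($mode & 0077) {
        $problems[] = sprintf('%s is mode %04o; expected 0700', $dir, $mode);
    }
    foreach (glob("$dir/sess_*") ?: [] as $file) {
        $fmode = fileperms($file) & 0777;
        if ($fmode & 0077) {
            $problems[] = sprintf('%s is mode %04o; expected 0600', $file, $fmode);
        }
    }
    return $problems;
}

// Usage: run from the CLI as the web server user.
foreach (audit_session_dir(ini_get('session.save_path')) as $p) {
    fwrite(STDERR, "$p\n");
}
```

The audit only confirms the file-mode argument made in the thread; the stronger mitigation is the login() pattern, which makes the contents of a readable session file worthless to an intruder.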