Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[Fwd: HTTPd 1.5a Security Hole!!! (fwd)]

From: agent () l0pht com (Rogue Agent)
Date: Tue, 6 Feb 1996 19:28:04 -0500

---------- Forwarded message ----------
Date: Tue, 6 Feb 1996 17:47:08 -0600
From: John P. Nelson <jnelson () INTERNOC COM>
To: Multiple recipients of list IAP <IAP () VMA CC ND EDU>
Subject: HTTPd 1.5a Security Hole!!!

VERY IMPORTANT for Internet Service Providers using linux, providing
public WWW space!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--------------------------------------------------------------------
FROM:   The InterNetwork Operating Company, Inc.
RE:     InterNOC Security Advisory

Known Affected Systems:
        Linux 1.2.8 using NCSA HTTPd 1.5a

Description:

        The InterNetwork Operating Company has discovered a security hole
related to Linux 1.2.8 and NCSA HTTPd 1.5a.  In affected systems, the
NCSA server, running as nobody/nogroup is able to access any files that are
mode ?00 (readable only by owner).

        The security hole is known to occur through symbolic links as
well as through aliases specified in the srm.conf file.

        It is known that through properly placed symbolic links, it is
possible to obtain the shadow password file, user mail files, etc.  This
is extermely important for public Internet Service Providers that provide
users with WWW space.

        This same security hole has been tested on BSDI 2.0.1, which does
not appear to be affected.  It has not yet been tested on other systems
or with other http servers.

                jnelson () internoc com
                John Nelson
                The InterNetwork Operating Company, Inc.
Previous By Date Next
Previous By Thread Next

Current thread: