Bugtraq mailing list archives
Huge security holes in Microsoft FP98 server extensions for Apache
From: marcs () ZNEP COM (Marc Slemko)
Date: Sat, 11 Oct 1997 12:56:54 -0600
[Copies sent to bugtraq, inet-access, freebsd-security, the Apache development mailing list, and the comp.infosystems.www.servers.unix and microsoft.public.frontpage.extensions.unix newsgroups.] Microsoft's FrontPage 98 server side extensions for Apache under Unix include a small setuid root program (fpexe) to allow the FrontPage CGIs to be run as the user who owns the pages as opposed to them all running as the user the web server runs as. This is necessary to get around gaping loopholes that occur when all FrontPage documents are owned by the user the web server runs as. There are, however, gaping holes in this fpexe program that make it easily exploitable to eventually gain root. This is only in the FrontPage 98 extensions and is only in the Apache version; it is completely unrelated to any Apache code and only occurs in the Apache version simply because that is the only version where this functionality is provided. Details are at http://www.worldgate.com/~marcs/fp/
Current thread:
- Re: Possible weakness in LPD protocol Warner Losh (Oct 03)
- Re: Possible weakness in LPD protocol Brett Lymn (Oct 08)
- L0pht Advisory: IMAP4rev1 imapd server We got Food - Fuel - Ice-cold Beer - and X.509 certificates (Oct 08)
- Re: L0pht Advisory: IMAP4rev1 imapd server Marc Slemko (Oct 08)
- SNMP Insecurity Aleph One (Oct 08)
- Malicious Linux modules Runar Jensen (Oct 08)
- Re: L0pht Advisory: IMAP4rev1 imapd server Casper Dik (Oct 09)
- Security flaw in PGPverify of INN Lutz Donnerhacke (Oct 09)
- Re: L0pht Advisory: IMAP4rev1 imapd server Kragen Sitaker (Oct 09)
- Security flaw in Count.cgi (wwwcount) Razvan Dragomirescu (Oct 10)
- Huge security holes in Microsoft FP98 server extensions for Apache Marc Slemko (Oct 11)
- Re: Huge security holes in Microsoft FP98 server extensions for Aleph One (Oct 11)
- DOS PC FTP SERVER Efrain Torres Mejia (Oct 11)
- _very_ poor ISN generation on Ascend MAX (fwd) Marc Slemko (Oct 11)
- Re: L0pht Advisory: IMAP4rev1 imapd server Marc Slemko (Oct 08)
- Another way to exploit local classes in Java Andre L. Dos Santos (Oct 08)
- <Possible follow-ups>
- Re: Possible weakness in LPD protocol Oliver Friedrichs (Oct 03)
- Re: Possible weakness in LPD protocol Eivind Eklund (Oct 03)
- Re: Possible weakness in LPD protocol Doug Hughes (Oct 05)