Full Disclosure mailing list archives
Re: Security hole in Confixx backup script
From: Dirk Pirschel <dirk () pirschel de>
Date: Mon, 2 Aug 2004 13:00:28 +0200
Hi, * Dirk Pirschel wrote on Tue, 27 Jul 2004 at 01:57 +0200:
It is possible to retrieve *any* directory by replacing $HOME/files or $HOME/html with a symlink.
Even worse: A user might use the restore funktion to change the ownership of target files to his own. Under special circumstances, it is even possible to change the owner of /etc/{passwd,shadow} and then gain root access!
If you are using confixx, you should disable the backup script.
According to Christian Boltz <christian (dot) boltz (at) nexgo (dot) de>, this can be done by replacing or removing $confixx_docroot/user/tools_backup*.php You should also disable the restore script $confixx_docroot/user/tools_restore*.php. -Dirk -- Trouble with Windows? Reboot! Trouble with Linux? Be root!
Attachment:
_bin
Description:
Current thread:
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 02)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 09)
- Re: Security hole in Confixx backup script Thomas Loch (Aug 09)
- Re: Security hole in Confixx backup script Valdis . Kletnieks (Aug 09)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 10)
- Re: Security hole in Confixx backup script Valdis . Kletnieks (Aug 10)
- Re: Security hole in Confixx backup script Thomas Loch (Aug 10)
- Re: Security hole in Confixx backup script Valdis . Kletnieks (Aug 10)
- Re: Security hole in Confixx backup script Thomas Loch (Aug 09)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 10)
- RE: Security hole in Confixx backup script Aditya, ALD [Aditya Lalit Deshmukh] (Aug 10)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 09)