Vulnerability Development mailing list archives
Re: Bug in Apache 1.3.20 Server - Hackemate Research
From: Petr Baudis <pasky () pasky ji cz>
Date: Mon, 24 Sep 2001 19:37:18 +0200
Like you can see, the sess_ files permissions are -rw------- for user root or www-data (like ja apache is installed) All other users can't read the info (non of the same group nor the other users) only the user running the apache server itself so show me where the security leak is ? I think its normal that apach itself can read the file and no one else can!
Well, IMHO storing a plain-text password is a problem anyway, and against the 'good-practices'. Tell me, why passwords are usually stored only in md5 hash form in /etc/shadow? It's readable only for root, so should be no problem ;-). Possible intruder which will gain apache's privilegies, can read the file and get the plaintext passwords *very* easily, w/o running any brute-force decoder on them. And that's a Bad Thing (tm). -- Petr "Pasky" Baudis . . n = ((n >> 1) & 0x55555555) | ((n << 1) & 0xaaaaaaaa); n = ((n >> 2) & 0x33333333) | ((n << 2) & 0xcccccccc); n = ((n >> 4) & 0x0f0f0f0f) | ((n << 4) & 0xf0f0f0f0); n = ((n >> 8) & 0x00ff00ff) | ((n << 8) & 0xff00ff00); n = ((n >> 16) & 0x0000ffff) | ((n << 16) & 0xffff0000); -- C code which reverses the bits in a word. . . My public PGP key is on: http://pasky.ji.cz/~pasky/pubkey.txt -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s++:++ a--- C+++ UL++++$ P+ L+++ E--- W+ N !o K- w-- !O M- !V PS+ !PE Y+ PGP+>++ t+ 5 X(+) R++ tv- b+ DI(+) D+ G e-> h! r% y? ------END GEEK CODE BLOCK------
Current thread:
- Bug in Apache 1.3.20 Server - Hackemate Research Hackemate.com.ar (Sep 22)
- RE: Bug in Apache 1.3.20 Server - Hackemate Research Bloed (Sep 22)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Petr Baudis (Sep 24)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Carl Schmidt (Sep 25)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Steve Grubb (Sep 30)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Petr Baudis (Sep 24)
- Re: Bug in Apache 1.3.20 Server - Hackemate Research Jay Gruner (Sep 22)
- <Possible follow-ups>
- RE: Bug in Apache 1.3.20 Server - Hackemate Research Keith.Morgan (Sep 24)
- RE: Bug in Apache 1.3.20 Server - Hackemate Research Ron DuFresne (Sep 25)
- RE: Bug in Apache 1.3.20 Server - Hackemate Research Bloed (Sep 22)