mailing list archives
Redhat Stronghold Secure Server File System Disclosure Vulnerabil ity
From: Bernard Margelin <bernard.margelin () vigilante com>
Date: Fri, 23 Nov 2001 18:47:04 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Redhat Stronghold Secure Server File System Disclosure Vulnerability
Advisory Code: VIGILANTE-2001002
Release Date: November 23, 2001
Stronghold/3.0 Apache/1.3.19 RedHat/3014 (Unix) PHP/3.0.18
mod_ssl/2.8.1 OpenSSL/0.9.6 mod_perl/1.25
Systems not affected:
Stronghold/3.0 build 3015
In Redhat Stronghold from versions 2.3 up to 3.0 a flaw exists that
allows a remote attacker to disclose sensitive system files including
the httpd.conf file, if a restricted access to the server status
report is not enabled when using those features.
This may assist an attacker in performing further attacks.
By trying the following urls, an attacker can gather sensitive
http://target/stronghold-info will give information on configuration
http://target/stronghold-status will return among other information
the list of request made
Please note that this attack can be performed after a default
installation. The vulnerabiliy seems to affect all previous version
Stronghold was contacted October 30, 2001 and answered the same day.
2 days later, they told us that they would release a patch soon. The
patch was finally released November 19, 2001.
A test case to detect this vulnerability was added to SecureScan NX
in the upgrade package of November 23, 2001. You can see the
documentation of this test case 17227 on SecureScan NX web site at
Installing Stronghold/3.0 build 3015 will solve the problem.
Common Vulnerabilities and Exposures group ( reachable at
http://cve.mitre.org/ ) was contacted to get a candidat number.
This vulnerability was discovered by Madalina Andrei and Reda
Zitouni, members of our Security Watch Team at Vigilante. We wish to
thank Stronghold for their fast answer to fix this problem.
Copyright VIGILANTe.com, Inc. 2001-11-23
The information within this document may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences
whatsoever arising out of or in connection with the use or spread of
this information. Any use of this information lays within the user's
Please send suggestions, updates, and comments to isis () vigilante com
VIGILANTe Vulnerability Disclosure Policy:
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1
-----END PGP SIGNATURE-----
- Redhat Stronghold Secure Server File System Disclosure Vulnerabil ity Bernard Margelin (Nov 23)