Full Disclosure: Re: Security hole in Confixx backup script

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Security hole in Confixx backup script

From: Dirk Pirschel <dirk () pirschel de>
Date: Mon, 2 Aug 2004 13:00:28 +0200

Hi,

* Dirk Pirschel wrote on Tue, 27 Jul 2004 at 01:57 +0200:

It is possible to retrieve *any* directory by replacing $HOME/files or
$HOME/html with a symlink.


Even worse: A user might use the restore funktion to change the
ownership of target files to his own.  Under special circumstances, it
is even possible to change the owner of /etc/{passwd,shadow} and then
gain root access!

If you are using confixx, you should disable the backup script.


According to Christian Boltz <christian (dot) boltz (at) nexgo (dot) de>,
this can be done by replacing or removing
$confixx_docroot/user/tools_backup*.php

You should also disable the restore script
$confixx_docroot/user/tools_restore*.php.

-Dirk

-- 
Trouble with Windows? Reboot!  Trouble with Linux? Be root!

Attachment: _bin
Description:

By Date By Thread

Current thread:

Re: Security hole in Confixx backup script Dirk Pirschel (Aug 02)
- Re: Security hole in Confixx backup script Dirk Pirschel (Aug 09)
  - Re: Security hole in Confixx backup script Thomas Loch (Aug 09)
    - Re: Security hole in Confixx backup script Valdis . Kletnieks (Aug 09)
    - Re: Security hole in Confixx backup script Dirk Pirschel (Aug 10)
    - Re: Security hole in Confixx backup script Valdis . Kletnieks (Aug 10)