Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Security hole in Confixx backup script
From: Dirk Pirschel <dirk () pirschel de>
Date: Tue, 27 Jul 2004 01:57:04 +0200

Hi,

* Dirk Pirschel wrote on Fri, 25 Jun 2004 at 15:08 +0200:

A malicious backup request via the webinterface might be used by any
user to read files located in /root (which is the default installation
directory of confixx).

Confixx does a "cd $dir; tar czf ..." without any error checking.  If
the target directory does not exist, the backup is done in the current
working directory, which is /root.

It is possible to retrieve *any* directory by replacing $HOME/files or
$HOME/html with a symlink.

If you are using confixx, you should disable the backup script.

-Dirk

-- 
Linux - Life is too short for reboots

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
  • Re: Security hole in Confixx backup script Dirk Pirschel (Jul 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]