mailing list archives
Re: Security hole in Confixx backup script
From: Dirk Pirschel <dirk () pirschel de>
Date: Tue, 27 Jul 2004 01:57:04 +0200
* Dirk Pirschel wrote on Fri, 25 Jun 2004 at 15:08 +0200:
A malicious backup request via the webinterface might be used by any
user to read files located in /root (which is the default installation
directory of confixx).
Confixx does a "cd $dir; tar czf ..." without any error checking. If
the target directory does not exist, the backup is done in the current
working directory, which is /root.
It is possible to retrieve *any* directory by replacing $HOME/files or
$HOME/html with a symlink.
If you are using confixx, you should disable the backup script.
Linux - Life is too short for reboots
- Re: Security hole in Confixx backup script Dirk Pirschel (Jul 27)