Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Re: Phun With Apache
From: Graham Reed <greed () pobox com>
Date: Mon, 11 Apr 2005 18:43:13 -0400
On Apr 1, 2005, at 4:19 AM, duper () willhackforfood biz wrote:

## Apache follows symbolic links referenced by public_html!
## Even when SymLinksifOwnerMatch is set and FollowSymLinks is not!
## A super-easy way to gain read access on files owned by the apache user! 

It's not (only) a mod_userdir problem.
I found the problem is fully reproducible on the intranet server I run--but it does not use mod_userdir. It gets its work done with AliasMatch directives.
I currently believe the culprit is the <Directory> and <DirectoryMatch> directives are allowing symbolic links, without following the ifOwnerMatch part of the directive. 

--
"Dead people don't send spam."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]