TUCoPS :: Linux :: General :: httpexpl.txt

linux 1.2.8 and NCSA httpd 1.5a security problem


Known Affected Systems:
        Linux 1.2.8 using NCSA HTTPd 1.5a

Description:

        The InterNetwork Operating Company has discovered a security hole
related to Linux 1.2.8 and NCSA HTTPd 1.5a.  In affected systems, the
NCSA server, running as nobody/nogroup is able to access any files that are
mode ?00 (readable only by owner).

        The security hole is known to occur through symbolic links as
well as through aliases specified in the srm.conf file.

        It is known that through properly placed symbolic links, it is
possible to obtain the shadow password file, user mail files, etc.  This
is extermely important for public Internet Service Providers that provide
users with WWW space.

        This same security hole has been tested on BSDI 2.0.1, which does
not appear to be affected.  It has not yet been tested on other systems
or with other http servers.

                jnelson@internoc.com
                John Nelson
                The InterNetwork Operating Company, Inc.



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH