TUCoPS :: SunOS/Solaris :: cobalt~1.htm

Cobalt Cube - read local files with webserver permissions
Vulnerability

    Webmail

Affected

    Cobalt Cube

Description

    'KF' found the following.  He had just got a new Cobalt Cube and
    had been poking around at it for security issues when he noticed
    this minor issue in the webmail system.  Users are not allowed to
    have shell access by default; however, if they malform their
    mailbox requests they can read local files with the permissions
    of the webserver.

    If your users already have shell access they do not really gain
    anything from this; however, it can be used to remotely gather
    information (for example, the account list in /etc/passwd) for a
    future attack.

        [admin admin]$ uname -a
        Linux cube.ckfr.com 2.2.16C7 #1 Fri Sep 8 15:58:03 PDT 2000 i586 unknown
        [admin admin]$ cat /etc/issue

        Cobalt Linux release 6.0 (Carmel)
        Kernel 2.2.16C7 on an i586

    The webmail interface listens on port 444.  The mailbox parameter
    of readmsg.php is not checked for '..' components, so the following
    request returns /etc/passwd instead of a mailbox:

        http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
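    Because the page notes that the bug is useful for remote information
    gathering, the access log is where an administrator would look for
    attempts.  The following is an added example, not code from the
    advisory or from Cobalt: it parses Apache combined-format lines,
    picks out readmsg.php requests, and flags any whose mailbox value is
    not a plain mailbox name.  The log lines are constructed for the
    example, and the assumption that the webmail log is in combined
    format is mine.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined format for illustration; they
# are not taken from a real Cobalt Cube log.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Sep/2000:14:01:12 -0700] "GET /base/webmail/readmsg.php?mailbox=INBOX&id=1 HTTP/1.0" 200 2311 "-" "Mozilla/4.7"
10.0.0.9 - - [10/Sep/2000:14:02:40 -0700] "GET /base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1 HTTP/1.0" 200 771 "-" "Mozilla/4.7"
10.0.0.9 - - [10/Sep/2000:14:03:02 -0700] "GET /base/webmail/readmsg.php?mailbox=..%2F..%2F..%2Fetc%2Fshadow&id=1 HTTP/1.0" 200 0 "-" "Mozilla/4.7"
10.0.0.9 - - [10/Sep/2000:14:03:30 -0700] "GET /base/webmail/readmsg.php?mailbox=..%252F..%252Fetc%252Fpasswd&id=1 HTTP/1.0" 200 102 "-" "Mozilla/4.7"
10.0.0.7 - - [10/Sep/2000:14:05:00 -0700] "GET /base/webmail/readmsg.php?mailbox=Sent&id=4 HTTP/1.0" 200 1820 "-" "Mozilla/4.7"
"""

# Minimal combined-log-format parser: client, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)


def is_traversal_mailbox(value):
    """True if a (once-decoded) mailbox value is anything other than a plain
    name.  It is decoded a second time here so that double-encoded attempts
    such as ..%252F.. (-> ..%2F.. -> ../..) are reported as well, whether or
    not the server would have honoured them."""
    decoded = unquote(value)
    return "/" in decoded or "\\" in decoded or decoded in (".", "..")


def mailbox_traversal_hits(log_text):
    """Return one record per readmsg.php request whose mailbox parameter is
    not a plain mailbox name, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a request line we understand
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/readmsg.php"):
            continue
        # parse_qs percent-decodes each value once, as the web server would.
        for value in parse_qs(url.query, keep_blank_values=True).get("mailbox", []):
            if is_traversal_mailbox(value):
                hits.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    # a 200 means the server served something for the request
                    "status": int(m.group("status")),
                    "mailbox": unquote(value),
                })
    return hits


if __name__ == "__main__":
    for hit in mailbox_traversal_hits(SAMPLE_LOG):
        print("%(ip)s %(time)s %(status)d %(mailbox)s" % hit)
```

    On the constructed log the three requests from 10.0.0.9 are reported
    and the two legitimate INBOX and Sent requests are not.  Pointing the
    script at the real access log gives the list of source addresses and
    times to use in a follow-up investigation.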

Solution

    Restrict access to the webmail interface (port 444) to trusted
    hosts until the vendor provides a fix.  The underlying fix is for
    readmsg.php to reject any mailbox value containing a path separator
    or a '..' component and to confirm that the resolved path still
    lies inside the user's mail directory before opening it.  Review
    the web server's access logs for readmsg.php requests whose mailbox
    parameter contains '..' or %2e%2e to see whether the bug has
    already been tried against your box.
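    The following is an added example, not code from the advisory or
    from Cobalt's webmail, showing the two halves of the problem in
    Python: a naive join of the mail directory and the mailbox parameter
    that collapses the advisory's traversal string to /etc/passwd, and a
    replacement that accepts only a plain mailbox name and then confirms
    the resolved path stays inside the mail root (so a symlink planted in
    the mail directory cannot redirect the read either).  The MAIL_ROOT
    path is a hypothetical layout; the page does not state where the
    Cube keeps its mailboxes.

```python
import os
from pathlib import Path
from urllib.parse import unquote

# Hypothetical per-user mail spool; the advisory does not state Cobalt's layout.
MAIL_ROOT = "/home/users/admin/mail"

# The traversal string from the advisory, as sent in the mailbox= parameter.
TRAVERSAL = "../../../../../../../../../../../../../../etc/passwd"


def vulnerable_mailbox_path(mailbox_param, mail_root=MAIL_ROOT):
    """What a naive 'join root and parameter' does: every '..' walks up one
    directory, the surplus ones are silently absorbed at '/', and the request
    lands on any file the web server user can read."""
    return os.path.normpath(os.path.join(mail_root, unquote(mailbox_param)))


def resolve_mailbox(mailbox_param, mail_root=MAIL_ROOT):
    """Return the absolute path for a requested mailbox name, or raise
    ValueError when the request would read outside mail_root."""
    name = unquote(mailbox_param)          # decode %2e%2e and friends exactly once
    if not name or "\x00" in name:
        raise ValueError("empty or NUL-containing mailbox name")
    # A mailbox is a single name, never a path: reject separators and the
    # relative components outright so the refusal is explicit in the logs.
    if "/" in name or "\\" in name or name in (".", ".."):
        raise ValueError("illegal mailbox name: %r" % name)
    # Still confirm the resolved location lies inside the root, so a symlink
    # dropped into the mail directory cannot redirect the read elsewhere.
    root = Path(mail_root).resolve()
    target = (root / name).resolve()
    if target != root and root not in target.parents:
        raise ValueError("mailbox resolves outside %s: %s" % (root, target))
    return str(target)


def is_safe_mailbox(mailbox_param, mail_root=MAIL_ROOT):
    """Boolean form of resolve_mailbox for callers that only need a verdict."""
    try:
        resolve_mailbox(mailbox_param, mail_root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("naive join of the advisory's request:", vulnerable_mailbox_path(TRAVERSAL))
    for candidate in ("INBOX", TRAVERSAL, "..%2F..%2Fetc%2Fpasswd", "INBOX/../../etc/shadow"):
        verdict = "accepted" if is_safe_mailbox(candidate) else "rejected"
        print("%-55s %s" % (candidate, verdict))
```

    The name check alone would stop the request on the page; the second
    check is there for the case the name check cannot see, a mailbox
    entry that is itself a link to somewhere else on the filesystem.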
