Vulnerability

    Discus

Affected

    Systems running Discus (Free discussion for your Web Site!)

Description

    Elaich Of Hhp  found following.   Discus has a  directory and file
    permission problem.   The code  is really  messy and  they need to
    learn  file  and   permission  operations  better.    The   source
    determines  the  mode  of  the  directories  and  files from other
    sources: Line: 533  in discus3_01/source/src-board-setup which  is
    a totally bad  idea being that  no matter what,  the private files
    should not be +r... ie, the  *.txt's  and so on.

Solution

    If  this  is  running  under  Linux,  FreeBSD or any system with a
    decent  shadow  password  system   or  something  similar  AND   a
    sanely-configured  web  server,  e.g.  with  CGIwrap, any internal
    wrappering which runs scripts as the owner of the script like  any
    later version of Apache with the integrated setuid wrapper, or  at
    the  very  least  just  outright  running  scripts as an arbitrary
    unprivileged  user,  there   is  no  problem.    You  can't   read
    /etc/shadow|/etc/master.passwd|/etc/whatever  if   you're  not   a
    privileged user.  Anyway, the software creates the directory  with
    666 perms.  In that directory there is a users.txt and a admin.txt
    which both contain  crypt(3) passwds.   The admin directory  where
    these files are found is mentioned in the documentation.  They  do
    tell you to make sure the directory is not web readable.