confixx.txt

confixx.txt: Posted Jun 29, 2004; Authored by Dirk Pirschel; Confixx Pro 2 and 3 are susceptible to an attack where files in /root can be accessed due to an error in the backup script.; tags | advisory, root; SHA-256 | e3a9ee63cd35f3378997d12f529189f75d0e6e0f0b1e74d1c4cc326272ac4347; Download | Favorite | View

confixx.txt

From: Dirk Pirschel (/dirk_at_pirschel.de/)
Date: Jun 25 2004

------------------------------------------------------------------------

Hi,

I found a security hole in Confixx. A malicious backup request via the
webinterface might be used by any user to read files located in /root
(which is the default installation directory of confixx).

The most interesting files you can retrieve with this attack are:
  /root/confixx/safe/shadow.tmp
  /root/confixx/safe/shadow_header
These files are used to build /etc/shadow, i.e. they contain all
(encrypted) passwords used on this host.

SWSoft has been informed yesterday at 22:30 (CET).

If you are using confixx, you should disable the backup script.

-Dirk

--

Top Authors In Last 30 Days

Red Hat 175 files
Ubuntu 51 files
Debian 24 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

confixx.txt

confixx.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

confixx.txt

Share This

confixx.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems