Confixx Pro 2 and 3 are susceptible to an attack where files in /root can be accessed due to an error in the backup script.
From: Dirk Pirschel (dirk_at_pirschel.de)
Date: Jun 25 2004
------------------------------------------------------------------------
Hi,
I found a security hole in Confixx. A malicious backup request via the
web interface might be used by any user to read files located in /root
(which is the default installation directory of Confixx).
The most interesting files you can retrieve with this attack are:
/root/confixx/safe/shadow.tmp
/root/confixx/safe/shadow_header
These files are used to build /etc/shadow, i.e. they contain all
(encrypted) passwords used on this host.
SWSoft was informed yesterday at 22:30 (CET).
If you are using Confixx, you should disable the backup script.
-Dirk
--