Confixx /root Directory Information Disclosure

2004-06-25T00:00:00
ID OSVDB:7272
Type osvdb
Reporter Dirk Pirschel(dirk@pirschel.de)
Modified 2004-06-25T00:00:00

Description

Vulnerability Description

SWSoft Confixx contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker issues a malicious backup request, which will backup the contents of "/root" and disclose all contents of the root directory, resulting in a loss of confidentiality.

Technical Description

A malicious backup request via the webinterface can disclose "/root/confixx/safe/shadow.tmp" and "/root/confixx/safe/shadow_header", which are used to build "/etc/shadow", i.e. these files contain all (encrypted) passwords used on the host, and are installed by default.

Solution Description

Upgrade to version 3.0.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the backup script.

Short Description

SWSoft Confixx contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker issues a malicious backup request, which will backup the contents of "/root" and disclose all contents of the root directory, resulting in a loss of confidentiality.

References:

Secunia Advisory ID:11953 Related OSVDB ID: 8949 Related OSVDB ID: 8950 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0568.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0832.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1316.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1062.html Bugtraq ID: 10607