Confixx File Ownership Privilege Escalation

2004-06-25T00:00:00
ID OSVDB:8950
Type osvdb
Reporter Dirk Pirschel(dirk@pirschel.de)
Modified 2004-06-25T00:00:00

Description

Vulnerability Description

SWSoft Confixx contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses the restore function to change the ownership of arbitrary system files, including /etc/{passwd,shadow}. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 3.0.3 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: disable the backup script.

Short Description

SWSoft Confixx contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses the restore function to change the ownership of arbitrary system files, including /etc/{passwd,shadow}. This flaw may lead to a loss of integrity.

References:

Secunia Advisory ID:11953 Related OSVDB ID: 7272 Related OSVDB ID: 8949 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0568.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0832.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1316.html Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1062.html Bugtraq ID: 10607