On Thursday, 07 December 2006 14:37, Finn-Arne Johansen wrote:
> Package: gosa
> Version: 2.5.6-2
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
> The documentation in gosa tells the admin to install gosa.conf under
> /etc/gosa/gosa.conf, and to make it readable by the group www-data.
> In this configuration file, the ldap admin password is stored in
> cleartext. Any process running under the web process can now read that
> file, and if the same ldap user was used for authenticating, it would
> be rather easy to create a user with root access.
>
> this little script placed under my ~/public_html/ revealed the password
> on my server
>   <?php system ('cat /etc/gosa/gosa.conf') ; ?>

So, do you have another solution, actually? Any web application that stores 
information about passwords has the same problem, you can simply get 
passwords to mysql databases, etc.

Don't use public stuff on these administrative servers. I'm not responsible 
for configuring your PHP installation, i.e. use PHP's secure mode to avoid 
these cases.

Cheers,
Cajus
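The exposure described in the report above is a file-permission question: whether the account the web server runs as can read the configuration file that holds the cleartext LDAP admin password. As an added audit check (not part of the original thread or of GOsa itself), the following shell function reports that condition for a given file and web-server group; it assumes GNU `stat` and that the web server runs as group `www-data`.

```shell
#!/bin/sh
# Added audit check, not from the original thread or the GOsa project.
# Assumptions: GNU coreutils stat; the web server's group is "www-data"
# unless a different group name is passed as the second argument.

# conf_exposure FILE [WEBGROUP]
# Returns 0 when FILE is not readable by WEBGROUP or by everyone,
# 1 when it is (exposed), 2 when FILE does not exist.
conf_exposure() {
    file=$1
    webgroup=${2:-www-data}
    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }
    mode=$(stat -c '%a' "$file")      # e.g. 640
    group=$(stat -c '%G' "$file")     # owning group name
    other=$(( mode % 10 ))            # "other" permission digit
    grp=$(( (mode / 10) % 10 ))       # "group" permission digit
    # Read permission is bit 4 in each octal digit.
    if [ $(( other & 4 )) -ne 0 ]; then
        echo "EXPOSED: $file is world-readable (mode $mode)"
        return 1
    fi
    if [ "$group" = "$webgroup" ] && [ $(( grp & 4 )) -ne 0 ]; then
        echo "EXPOSED: $file is readable by group $webgroup (mode $mode)"
        return 1
    fi
    echo "OK: $file (mode $mode, group $group) is not readable by $webgroup"
    return 0
}

# Stand-alone use: audit the path named in the bug report.
if [ "${1:-}" = "--run" ]; then
    conf_exposure /etc/gosa/gosa.conf www-data
fi
```

Run it as `sh audit.sh --run` on the server; a file that the web server must read in order to work will always be reported as EXPOSED, which is exactly the trade-off the two messages above disagree about.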
