Re: [Full-Disclosure] Security hole in Confixx backup script

2004-08-13 Thread Dirk Pirschel
Hi, * Sergey Lystsev wrote on Fri, 13 Aug 2004 at 17:47 +0700: > You did not mention in which Confixx version you have found these errors. Confixx 2.0.* Confixx 3.0.2 > Confixx development team can say that all 3 mentioned issues: > are fixed now (since 19 July 2004). > The properly updated sy

Re: [Full-Disclosure] Security hole in Confixx backup script

2004-08-10 Thread Dirk Pirschel
Hi, * Dirk Pirschel wrote on Tue, 10 Aug 2004 at 12:42 +0200: > The race condition between "tar xzf" and "chmod -R" can be won, if there > are many files or simply one big file in the archives. A quick "mv" > should prevent the suid program from being ch

Re: [Full-Disclosure] Security hole in Confixx backup script

2004-08-10 Thread Dirk Pirschel
Hi, * [EMAIL PROTECTED] wrote on Mon, 09 Aug 2004 at 21:26 -0400: > On Tue, 10 Aug 2004 02:16:24 +0200, Thomas Loch said: > > What if someone creates a shell script [...] and sets the SetUID > > flag. Then he makes a backup of that file and restores the backup > > while he prevents the chown-comm

Re: [Full-Disclosure] Security hole in Confixx backup script

2004-08-09 Thread Dirk Pirschel
Hi, * Dirk Pirschel wrote on Mon, 02 Aug 2004 at 13:00 +0200: > A user might use the restore function to change the ownership of > target files to his own. The restore script runs with root privileges. It unpacks the archive, and then executes "chown -R $user" in the desti

Re: [Full-Disclosure] Security hole in Confixx backup script

2004-08-02 Thread Dirk Pirschel
Hi, * Dirk Pirschel wrote on Tue, 27 Jul 2004 at 01:57 +0200: > It is possible to retrieve *any* directory by replacing $HOME/files or > $HOME/html with a symlink. Even worse: A user might use the restore function to change the ownership of target files to his own. Under special circums

Re: [Full-Disclosure] Security hole in Confixx backup script

2004-07-26 Thread Dirk Pirschel
Hi, * Dirk Pirschel wrote on Fri, 25 Jun 2004 at 15:08 +0200: > A malicious backup request via the web interface might be used by any > user to read files located in /root (which is the default installation > directory of Confixx). Confixx does a "cd $dir; tar czf ..." without

[Full-Disclosure] Security hole in Confixx backup script

2004-06-25 Thread Dirk Pirschel
Hi, I found a security hole in Confixx. A malicious backup request via the web interface might be used by any user to read files located in /root (which is the default installation directory of Confixx). The most interesting files you can retrieve with this attack are: /root/confixx/safe/shadow