Bugtraq mailing list archives

Roxen Web Server Vulnerability


From: zorgon () SDF FREESHELL ORG (zorgon () SDF FREESHELL ORG)
Date: Fri, 21 Jul 2000 07:48:18 +0000


Hi all,

Excuse me for my poor English :)
I discovered two problems in Roxen Web server 2.0.46 (and certainly prior).
Perhaps it isn't important.

* First problem:
Suppose that Roxen is installed by default in /usr/local, the
/usr/local/roxen/configurations/_configinterface/settings/administrator_uid file
holds the crypt password of the Web server's administrator.
By default, the permissions are 644. So, it allows a local user to read and
decrypt the password.

* Second problem:
If you type the URL http://www.victim.com/%00/, you will see the contents of the site
in question. This vulnerability was directly tested on Roxen's web site:
http://www.roxen.com


--
zorgon () sdf lonestar org
Web Site : http://www.nightbird.fr.st
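Added example for the first problem (not code from the original post or from Roxen): a small audit that reports whether a secret-holding file such as the administrator_uid file is readable by group or others, and optionally tightens it to 0600. The Roxen path is the one the post names for a default /usr/local install and is only an assumption; the demo runs against a constructed temporary file so it can be executed anywhere.

```python
"""Audit (and optionally fix) the permissions of a file holding a secret."""
import os
import stat
import tempfile

# Path from the advisory for a default /usr/local install (assumption about the install).
ROXEN_ADMIN_UID_FILE = (
    "/usr/local/roxen/configurations/_configinterface/settings/administrator_uid"
)


def audit_secret_file(path, fix=False):
    """Return (mode_before, mode_after, problems) for a file that must stay private.

    problems is a list of strings; an empty list means only the owner can read
    or write the file. With fix=True the mode is changed to 0600.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if mode & stat.S_IRGRP:
        problems.append("group-readable")
    if mode & stat.S_IROTH:
        problems.append("world-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    new_mode = mode
    if fix and problems:
        new_mode = stat.S_IRUSR | stat.S_IWUSR  # 0o600: owner read/write only
        os.chmod(path, new_mode)
    return mode, new_mode, problems


def demo():
    """Reproduce the 644 default on a constructed temp file, then fix it.

    Returns (mode_before, mode_after, problems_before, problems_after).
    """
    fd, path = tempfile.mkstemp(prefix="administrator_uid_")
    try:
        os.write(fd, b"root:$1$constructedhash$\n")  # constructed sample content
        os.close(fd)
        os.chmod(path, 0o644)  # the default permission the advisory describes
        before, _, problems = audit_secret_file(path)
        _, after, _ = audit_secret_file(path, fix=True)
        _, _, remaining = audit_secret_file(path)
        return before, after, problems, remaining
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

Run it against the real path with `audit_secret_file(ROXEN_ADMIN_UID_FILE)` on a host where Roxen is installed; the check only looks at mode bits, so confirm separately that the file's owner is the account the server runs as.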


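Added example for the second problem (not code from the original post or from Roxen): a request-path filter that rejects any path whose single percent-decoding contains a NUL byte, generalized to all control bytes, plus a scanner that flags such requests in an access log. The log lines are constructed in common log format; the servers and addresses in them are invented.

```python
"""Reject request paths carrying an encoded NUL (or other control byte) and find
such requests in an access log."""
import re
from urllib.parse import unquote, urlsplit

# NUL plus the other C0 control characters and DEL.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def is_safe_request_path(raw_path):
    """Return True unless the decoded path contains a NUL or other control byte.

    Percent-decoding is done exactly once, so "%2500" decodes to the literal
    text "%00" and is allowed; a server that decodes twice must apply this
    check after its own decoding instead.
    """
    decoded = unquote(urlsplit(raw_path).path)
    return CONTROL_CHARS.search(decoded) is None


# Constructed sample access log (common log format); hosts and clients are invented.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Jul/2000:07:48:18 +0000] "GET /index.html HTTP/1.0" 200 1234
10.0.0.9 - - [21/Jul/2000:07:49:02 +0000] "GET /%00/ HTTP/1.0" 200 4096
10.0.0.9 - - [21/Jul/2000:07:49:10 +0000] "GET /docs/%0a HTTP/1.0" 404 210
10.0.0.7 - - [21/Jul/2000:07:50:00 +0000] "GET /images/logo.gif HTTP/1.0" 200 876
"""

# client, method, path, status from a common-log-format line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def scan_access_log(text):
    """Return (client, raw_path, status) for every request whose decoded path is unsafe."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        if not is_safe_request_path(path):
            hits.append((client, path, int(status)))
    return hits


if __name__ == "__main__":
    for client, path, status in scan_access_log(SAMPLE_LOG):
        print(f"{client} requested {path!r} -> {status}")
```

A 200 status on a flagged request is the line worth investigating, since it means the server served something for a path no legitimate client sends; a 404 shows the same probe was refused.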
