Full Disclosure mailing list archives

Security hole in Confixx backup script


From: Dirk Pirschel <dirk () pirschel de>
Date: Fri, 25 Jun 2004 15:08:34 +0200

Hi,

I found a security hole in Confixx.  A malicious backup request via the
web interface might be used by any user to read files located in /root
(which is the default installation directory of Confixx).

The most interesting files you can retrieve with this attack are:
  /root/confixx/safe/shadow.tmp
  /root/confixx/safe/shadow_header
These files are used to build /etc/shadow, i.e. they contain all
(encrypted) passwords used on this host.

SWSoft was informed yesterday at 22:30 (CET).

If you are using Confixx, you should disable the backup script.

-Dirk

-- 
Linux - The choice of a GNU generation
