[19053] in bugtraq


Re: Security hole in ChiliSoft ASP on Linux.

daemon@ATHENA.MIT.EDU (Gonzo Granzeau)
Tue Feb 6 22:00:56 2001

Mail-Followup-To: bugtraq@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id:  <20010206183246.C4640@granzeau.com>
Date:         Tue, 6 Feb 2001 18:32:46 -0600
Reply-To: Gonzo Granzeau <gonzo@GRANZEAU.COM>
From: Gonzo Granzeau <gonzo@GRANZEAU.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <20010206170007.B19941@jerkweed.kiva.net>; from mkrenz@KIVA.NET
              on Tue, Feb 06, 2001 at 05:00:07PM -0500

On Tue, Feb 06, 2001 at 05:00:07PM -0500, Mark Krenz <mkrenz@KIVA.NET> rambled:
>  Affected systems:
>
>   I tested and confirmed this problem on a RedHat Linux 6.2 machine
> running RedHat SecureWebServer 3.2.1, which is basically Apache 1.3.9
> with mod_ssl.  I am unable to test this on Solaris or any other Un*x
> platform so I'm unsure if the problem exists on other OSes.  Chili!Soft
> didn't specify whether the problem existed on other platforms.

All Cobalt boxes that come with Chili!Soft have it on by default.
But they are not affected by this bug as the inherit_user is off by default:
/home/chiliasp/admin/bin/casp.cnfg:inherit_user=0

(For those using the great line of Cobalt products.)

gonzo
--
Gonzo Granzeau | gonzo@granzeau.com | feed me the stray cat.
'You're no one til someone hates you' -Snake River Conspiracy
