[15898] in bugtraq
Roxen Web Server Vulnerability
daemon@ATHENA.MIT.EDU (zorgon@SDF.FREESHELL.ORG)
Fri Jul 21 17:50:48 2000
Message-Id: <20000721074818.A10870@sdf.freeshell.org>
Date: Fri, 21 Jul 2000 07:48:18 +0000
Reply-To: zorgon@SDF.FREESHELL.ORG
From: zorgon@SDF.FREESHELL.ORG
To: BUGTRAQ@SECURITYFOCUS.COM

Hi all,

Excuse me for my poor English :)

I discovered two problems in Roxen Web server 2.0.46 (and certainly prior).
Perhaps it isn't important.

* First problem:

Suppose that Roxen is installed by default in /usr/local; the
/usr/local/roxen/configurations/_configinterface/settings/administrator_uid file
holds the crypt password of the Web server's administrator.
By default, the permissions are 644. So, it allows a local user to read and
decrypt the password.

* Second problem:

If you type the URL http://www.victim.com/%00/, you will see the contents of the site
in question. This vulnerability was directly tested on Roxen's web site:
http://www.roxen.com

--
zorgon@sdf.lonestar.org
Web Site : http://www.nightbird.fr.st
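
An added example, not part of the original post: a POSIX shell audit for the first problem that lists files under a Roxen configuration tree readable by group or other users and can strip that access. The function names `list_exposed` and `audit_conf` are hypothetical; the default directory is taken from the path in the post.

```shell
#!/bin/sh
# Added example (not from the post): find configuration files that users
# other than the owner can read, such as a mode-644 administrator_uid file.

# Default tree, taken from the path quoted in the post (default install).
ROXEN_CONF_DEFAULT=/usr/local/roxen/configurations

# Print every regular file under $1 that group or other can read.
list_exposed() {
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# audit_conf [DIR] [--fix]
# Prints the exposed files. With --fix, removes all group/other access
# from them while leaving the owner's bits unchanged.
# Returns 0 if nothing is exposed afterwards, 1 if something is,
# 2 if DIR does not exist.
audit_conf() {
    dir=${1:-$ROXEN_CONF_DEFAULT}
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }

    exposed=$(list_exposed "$dir")
    if [ -z "$exposed" ]; then
        return 0
    fi
    printf '%s\n' "$exposed"

    if [ "${2:-}" = "--fix" ]; then
        find "$dir" -type f \( -perm -040 -o -perm -004 \) \
            -exec chmod go-rwx {} +
        # Re-scan so the return code reflects the state after the fix.
        if [ -z "$(list_exposed "$dir")" ]; then
            return 0
        fi
    fi
    return 1
}

# Run only when arguments are given, e.g.:
#   sh audit.sh /usr/local/roxen/configurations --fix
if [ $# -gt 0 ]; then
    audit_conf "$@"
fi
```

The web server's own account must still own the files for `chmod go-rwx` to leave it able to read them.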