[16039] in bugtraq
Mandrake 5.3/7.0, RedHat 5.2/5.3/6.0 + Apache BUG
daemon@ATHENA.MIT.EDU (Kasatenko Ivan Alex.)
Tue Aug 1 18:00:08 2000
Message-ID: <7617850978.20000731024312@rnc.ru>
Date: Mon, 31 Jul 2000 02:43:12 +0400
Reply-To: "Kasatenko Ivan Alex." <skywriter@rnc.ru>
From: "Kasatenko Ivan Alex." <skywriter@rnc.ru>
To: BUGTRAQ@SECURITYFOCUS.COM
Lately my users helped me (in a way they call this ``hacking'' :) to
discover one unpleasant feature: a home catalog of the ``nobody'' user is
"/" on most Mandrake's and RedHat's (any others?) I've seen, and with
such a setting in the httpd.conf (I assume this is typical?)...
> # UserDir: The name of the directory which is appended onto a user's home
> # directory if a ~user request is recieved.
>
> UserDir ./
.. any user may go to, for example,
http://www.malconfigured-host.com/~nobody/etc/ and get a list of files
in the /etc catalog. I assume this is a hole.
Sincerely,
Ivan
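An added example, not part of the original post, that turns the report above into a configuration check an administrator can run before exposing a server. It reads a passwd file and an httpd.conf fragment, resolves where each user's ~user request would land under Apache's UserDir rules (a relative value is appended to the home directory, an absolute value has the user name appended; the `UserDir disabled`/`enabled` keywords are real Apache syntax), and flags the two conditions the post describes: a userdir root that is the filesystem root, and a system account with userdir enabled at all. The passwd content, the two httpd.conf fragments, and the uid cut-off of 500 are constructed here for illustration; the hardened fragment shows the usual remedy (a per-user subdirectory plus an explicit disable for system accounts).

```python
import posixpath
import re
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample passwd lines (the "nobody:/" home is the case from the post).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/bin/false
apache:x:48:48:Apache:/var/www:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

# Constructed httpd.conf fragment reproducing the setting quoted in the post.
WEAK_CONF = """\
# UserDir: The name of the directory which is appended onto a user's home
# directory if a ~user request is received.

UserDir ./
"""

# Constructed hardened fragment: per-user subdirectory, system accounts disabled.
HARDENED_CONF = """\
UserDir public_html
UserDir disabled root nobody apache
"""

SYSTEM_UID_MAX = 500  # assumption: uids below this are system accounts (RedHat convention of the era)


class UserDirPolicy:
    """Accumulated effect of all UserDir directives in a config."""

    def __init__(self) -> None:
        self.subdir: Optional[str] = None   # None: no UserDir directive seen
        self.disabled_all = False
        self.disabled: Set[str] = set()
        self.enabled: Set[str] = set()

    def is_enabled(self, user: str) -> bool:
        if self.subdir is None:
            return False
        if user in self.enabled:          # "UserDir enabled u" overrides a global disable
            return True
        if user in self.disabled:
            return False
        return not self.disabled_all


def parse_passwd(text: str) -> Dict[str, Tuple[int, str]]:
    """Map user name -> (uid, home directory) from passwd-format text."""
    users: Dict[str, Tuple[int, str]] = {}
    for line in text.splitlines():
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 7:
            continue
        users[fields[0]] = (int(fields[2]), fields[5])
    return users


def parse_userdir(conf: str) -> UserDirPolicy:
    """Collect UserDir directives; comments and unrelated lines are ignored."""
    policy = UserDirPolicy()
    for raw in conf.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].lower() != "userdir":
            continue
        args = parts[1:]
        if args[0].lower() == "disabled":
            if len(args) == 1:
                policy.disabled_all = True
            else:
                policy.disabled.update(args[1:])
        elif args[0].lower() == "enabled":
            policy.enabled.update(args[1:])
        else:
            policy.subdir = args[0]
    return policy


def userdir_root(user: str, home: str, subdir: str) -> str:
    """Directory that /~user/ maps to: relative subdir under home, absolute dir plus user name."""
    if subdir.startswith("/"):
        return posixpath.normpath(posixpath.join(subdir, user))
    return posixpath.normpath(posixpath.join(home, subdir))


def resolve_request(passwd_text: str, conf_text: str, url_path: str) -> Optional[str]:
    """Filesystem path a ~user request resolves to, or None if it is not served."""
    m = re.match(r"^/~([^/]+)(/.*)?$", url_path)
    policy = parse_userdir(conf_text)
    users = parse_passwd(passwd_text)
    if not m or m.group(1) not in users or not policy.is_enabled(m.group(1)):
        return None
    user = m.group(1)
    root = userdir_root(user, users[user][1], policy.subdir or "")
    resolved = posixpath.normpath(posixpath.join(root, (m.group(2) or "/").lstrip("/")))
    if resolved != root and not resolved.startswith(root.rstrip("/") + "/"):
        return None  # escaped the userdir root via ".."; refuse like the server would
    return resolved


def audit(passwd_text: str, conf_text: str) -> List[Tuple[str, str, str]]:
    """Return (user, userdir root, reason) for every risky enabled userdir."""
    policy = parse_userdir(conf_text)
    findings: List[Tuple[str, str, str]] = []
    for user, (uid, home) in parse_passwd(passwd_text).items():
        if not policy.is_enabled(user):
            continue
        root = userdir_root(user, home, policy.subdir or "")
        if root == "/":
            findings.append((user, root, "userdir maps to the filesystem root"))
        elif uid < SYSTEM_UID_MAX:
            findings.append((user, root, "system account with UserDir enabled"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, WEAK_CONF):
        print("WEAK:", finding)
    print("HARDENED findings:", audit(SAMPLE_PASSWD, HARDENED_CONF))
```

Against the weak fragment the audit reports root, nobody and apache, with nobody's userdir resolving to `/`, which is exactly why `/~nobody/etc/` lists `/etc`; against the hardened fragment it reports nothing, and the same request is no longer served.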