Re: phpix remote root exploit
You're right...not a root exploit. (but this exploit will make all local
root exploits act like remote root exploits)
Today I had a MyDoom breakfast, for lunch 12 gaim overflows and for
dinner a delicous phpix unsafe inclusion.
Anybody suggestions for the dessert?
Daniel van Eeden <daniel_e@dds.nl>
On Tue, 2004-01-27 at 23:57, Ruben Puettmann wrote:
> Du schriebst in linux.debian.security:
> > Someone used this bug to attack my system...
> > My advice to all phpix users...chmod 700 /var/www/phpix
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=229794
> >
> soory I don't see here any root exploit. phpix runs with the uid from
> the webserver or via suexec. And I mean that the debian apache don't run
> as root ( uid0).
>
> " Synnergy has recently discovered a flaw within PHPix that allow a
> remote user to traverse a directory as a request to the script using the
> $mode=album&album=_some_dir_variable. It is then possible to read any
> file or folder's contents with priviledges as the httpd."
>
> So which root exploit. If you have configured your php and permissions
> right using quota and so on ( all this thing's is a must be on an
> webserver) se server is not in trouble only the user which runs this
> script.
>
> Ruben
--
Daniel van Eeden <daniel_e@dds.nl> http://compukid.no-ip.org/
jabber: compukid@compukid.no-ip.org aim: Compukid128 icq: 36952189
Reply to: