
Re: phpix remote root exploit



You wrote in linux.debian.security:
> Someone used this bug to attack my system...
> My advice to all phpix users...chmod 700 /var/www/phpix
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=229794
>
Sorry, I don't see any root exploit here. phpix runs with the uid of
the webserver or via suexec. And I mean that the Debian apache doesn't run
as root (uid 0).

"Synnergy has recently discovered a flaw within PHPix that allows a
remote user to traverse a directory as a request to the script using the
$mode=album&album=_some_dir_variable. It is then possible to read any
file or folder's contents with privileges as the httpd."

So which root exploit? If you have configured your PHP and permissions
right, using quota and so on (all these things are a must on a
webserver), the server is not in trouble, only the user which runs this
script.

        Ruben


-- 
Ruben Puettmann
ruben@puettmann.net
http://www.puettmann.net
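
The advisory quoted in this message describes the album parameter being used to leave the album directory and read files with the web server's privileges. A containment check of the following kind addresses that; it is an added example, not part of the original post and not PHPix code, and the function name resolve_album and the directory layout are hypothetical:

```php
<?php
// Added example: hypothetical helper, not taken from PHPix.
// Resolves a user-supplied album name and rejects anything that
// canonicalises to a location outside the album root.
function resolve_album(string $albumRoot, string $album): ?string
{
    $root = realpath($albumRoot);
    if ($root === false) {
        return null;                       // album root missing or unreadable
    }
    // Refuse empty names and NUL bytes outright instead of relying on
    // how the filesystem call happens to treat them.
    if ($album === '' || strpos($album, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false
    // when the resulting path does not exist.
    $path = realpath($root . DIRECTORY_SEPARATOR . $album);
    if ($path === false || !is_dir($path)) {
        return null;
    }
    // Compare with a trailing separator so that a sibling such as
    // ".../albums-old" cannot pass as being inside ".../albums".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample layout in a temporary directory.
$tmp = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'albumdemo_' . getmypid();
mkdir($tmp . '/albums/holiday', 0700, true);
mkdir($tmp . '/albums-old', 0700, true);

// Constructed inputs: one legitimate album name and three traversal attempts.
foreach (['holiday', '../albums-old', '../../..', 'holiday/../..'] as $album) {
    $resolved = resolve_album($tmp . '/albums', $album);
    printf("%-16s => %s\n", $album, $resolved === null ? 'rejected' : 'ok');
}
```

Only `holiday` resolves; the other three inputs canonicalise to paths outside the album root and are rejected. The check limits which paths the script will open, while the uid of the web server process still decides what any accepted path can read.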


