[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] telnet on raq3 allows users to view source of other sites

Subject: Re: [cobalt-users] telnet on raq3 allows users to view source of other sites
From: PowerClicks <david@xxxxxxxxxxxxxxx>
Date: Sat Feb 19 07:32:26 2000

I believe this is generally the case with telnet access. Any user can read
any file on the server, although the files he/she does not have ownership to
cannot be modified or deleted.

Regards,

David

> From: Luc Schiltz <becher@xxxxxx>
> Reply-To: cobalt-users@xxxxxxxxxxxxxxx
> Date: Sat, 19 Feb 2000 13:05:02 +0100
> To: cobalt-users@xxxxxxxxxxxxx
> Subject: [cobalt-users] telnet on raq3 allows users to view source of other
> sites
> 
> hi,
> 
> why has anybody, who got telnet access, access to other sites e.g
> 
> I created a user called test with telnet access
> this user test logs into the raq3 an can cd /home/sites/site14
> do an ls -la of the web directory etc ...
> 
> is there any patch available for this ? as this presents a big security hole,
> e.g.
> a user who is running php3 and connects to a mysql database, he got the login
> & passwd
> of the mysql database stored in a file in the directory web ...
> 
> thanks
> 
> 
> Luc
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>

References:
- [cobalt-users] telnet on raq3 allows users to view source of other sites
  - From: Luc Schiltz

Prev by Date: [cobalt-users] Backup / Restore
Next by Date: [cobalt-users] eGroups type groupware suggestions?
Previous by thread: [cobalt-users] telnet on raq3 allows users to view source of other sites
Next by thread: Re: [cobalt-users] telnet on raq3 allows users to view source of other sites

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index