[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] PHP Vulnerability found

Subject: [cobalt-users] PHP Vulnerability found
From: Aussie Hosts <support@xxxxxxxxxxxxxxx>
Date: Tue Jan 8 06:37:01 2002
Organization: EDIT Group
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Greetings all

We recently found a rather large exploitable hole within the .pkg package
available from the Cobalt website for PHP. It allows the user that PHP is
run as to su without permissions and run commands at a system level. Using
it we were able to create a file on / as a standard user using a simple PHP
command runner with a shell script. This obviously is a massive hole as it
opens your system up to any user who would like to run rm -fr / with root
privileges.

To fix it we applied the following countermeasures;

1) We chowned /bin/su to root.admin

2) Modified php.ini (located in /etc/httpd/php.ini) so that Safe Mode was
enabled by default (by default it is off)

This is obviously a very large bug on Cobalts behalf which has left a gaping
security hole particularly with regards to running PHP in safe mode.

-- 
Kind regards,

Aussie Hosts
An EDIT Group Division

Follow-Ups:
- RE: [cobalt-users] PHP Vulnerability found
  - From: Gavin Nelmes-Crocker
- [cobalt-users] FrontPage Users
  - From: Todd W

References:
- RE: [cobalt-users] Redirect http to https
  - From: Gavin Nelmes-Crocker
- [cobalt-users] Perl works on one virtual site but not on another?
  - From: Nigel Hewett
- Re: [cobalt-users] Perl works on one virtual site but not on another?
  - From: David Hurst

Prev by Date: Re: [cobalt-users] Perl works on one virtual site but not on another?
Next by Date: [cobalt-users] Changing Filesystem Size for /
Previous by thread: Re: [cobalt-users] Perl works on one virtual site but not on another?
Next by thread: RE: [cobalt-users] PHP Vulnerability found

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index