[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] PHP Vulnerability found

Subject: RE: [cobalt-users] PHP Vulnerability found
From: "Curtis Ross" <Curtis_Ross@xxxxxx>
Date: Tue Jan 8 07:09:00 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> Greetings all
> 
> We recently found a rather large exploitable hole within the .pkg
package
> available from the Cobalt website for PHP. It allows the user that PHP
is
> run as to su without permissions and run commands at a system level.
Using
> it we were able to create a file on / as a standard user using a
simple PHP
> command runner with a shell script. This obviously is a massive hole
as it
> opens your system up to any user who would like to run rm -fr / with
root
> privileges.
> 
> To fix it we applied the following countermeasures;
> 
> 1) We chowned /bin/su to root.admin
> 
> 2) Modified php.ini (located in /etc/httpd/php.ini) so that Safe Mode
was
> enabled by default (by default it is off)
> 
> This is obviously a very large bug on Cobalts behalf which has left a
gaping
> security hole particularly with regards to running PHP in safe mode.
> 
> --
> Kind regards,
> 
> Aussie Hosts
> An EDIT Group Division

And what did Cobalt say about this issue when you contacted them? You
did contact them before you told everyone about this issue right?

Follow-Ups:
- Re[2]: [cobalt-users] PHP Vulnerability found
  - From: Aussie Hosts
- [cobalt-users] Port 111 Attack
  - From: Sim Ayers

Prev by Date: [cobalt-users] Changing Filesystem Size for /
Next by Date: [cobalt-users] [RAQ4r] Where is the ftp log file ?
Previous by thread: [cobalt-users] Changing Filesystem Size for /
Next by thread: Re[2]: [cobalt-users] PHP Vulnerability found

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index