[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] MAJOR BUG, Browse any directory view any file

Subject: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
From: "Robbert Hamburg \(HaVa Web- & Procesdesign\)" <user@xxxxxxx>
Date: Wed May 28 04:16:02 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>


> A Client of mine has just found out that he can list the contents of
> /home/sites/ giving him a list of all the sites on the server.
> 
> Then with 2 lines of code he can view any file on another site on the
> server.
> 
> Does anyone have a fix for this!! This is a major security hole for SUN.

Over SSH ???

I think you can contain the user in his directory. 

We need some more information before calling this a huge security hole.

Robbert

References:
- [cobalt-users] MAJOR BUG, Browse any directory view any file
  - From: ISEE Multimedia

Prev by Date: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
Next by Date: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
Previous by thread: RE: [cobalt-users] MAJOR BUG, Browse any directory view any file
Next by thread: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index