[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] MAJOR BUG, Browse any directory view any file

Subject: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
From: Richard Siddall <cobalt@xxxxxxxxxxx>
Date: Wed May 28 06:16:00 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

ISEE Multimedia wrote:

A Client of mine has just found out that he can list the contents of
/home/sites/ giving him a list of all the sites on the server.

Then with 2 lines of code he can view any file on another site on the
server.

Does anyone have a fix for this!! This is a major security hole for SUN.

Regards

Mark


Mark,

Can you really view any file, or just files that are world-readable?(You SHOULD be able to read any file that's world-readable.)

This sounds like something that comes up every couple of years. Readthe thread starting:

http://list.cobalt.com/pipermail/cobalt-users/2000-December/029831.html

I believe all *NIX web hosting systems work this way, unless themanufacturer goes to great lengths to create virtual dedicated servers.IIRC, three non-Cobalt systems I've used behave this way. (Just triedit on a Windows server, same behaviour.)


Regards,

	Richard.

References:
- [cobalt-users] MAJOR BUG, Browse any directory view any file
  - From: ISEE Multimedia

Prev by Date: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
Next by Date: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
Previous by thread: Re: [cobalt-users] MAJOR BUG, Browse any directory view any file
Next by thread: [cobalt-users] Re:MAJOR BUG, Browse any directory view any file

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index