Date: Fri, 21 Jul 2000 07:48:18 +0000 From: zorgon@SDF.FREESHELL.ORG Subject: Roxen Web Server Vulnerability To: BUGTRAQ@SECURITYFOCUS.COM Hi all, Excuse-me for my poor english :) I discover two problems in Roxen Web server 2.0.46 (and certainly prior). Perhaps it doesn't important. * First problem: Suppose that Roxen is installed by default in /usr/local, the /usr/local/roxen/configurations/_configinterface/settings/administrator_uid file holds the crypt password of the Web server's administrator. By default, the permissions are on 644. So, it allows a local user to read and decrypt the password. * Second problem: If you typed the URL: http://www.victim.com/%00/, you will see the contents of site in question. This vulnerability was directly tested on the Roxen's web site: http://www.roxen.com -- zorgon@sdf.lonestar.org Web Site : http://www.nightbird.fr.st