Date:         Fri, 21 Jul 2000 07:48:18 +0000
From: zorgon@SDF.FREESHELL.ORG
Subject:      Roxen Web Server Vulnerability
To: BUGTRAQ@SECURITYFOCUS.COM

Hi all,

Excuse me for my poor English :)
I discovered two problems in Roxen Web server 2.0.46 (and certainly prior).
Perhaps it isn't important.

* First problem:
Suppose that Roxen is installed by default in /usr/local; the
/usr/local/roxen/configurations/_configinterface/settings/administrator_uid file
holds the crypt password of the Web server's administrator.
By default, the permissions are 644. So, it allows a local user to read and
decrypt the password.

* Second problem:
If you type the URL http://www.victim.com/%00/, you will see the contents of the site
in question. This vulnerability was directly tested on Roxen's web site:
http://www.roxen.com


--
zorgon@sdf.lonestar.org
Web Site : http://www.nightbird.fr.st
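
An administrator's check for the first problem, as an added example that is not part of the original post and not Roxen code: it lists files under the configuration directory that group or other can read, and can strip that access. The function names and the ROXEN_CONF_DIR variable are hypothetical; the default path is the one named in the advisory, and the sketch assumes the server runs as the owner of those files.

```shell
#!/bin/sh
# Added example (not Roxen code). Default path is the one from the advisory;
# override ROXEN_CONF_DIR if Roxen is installed elsewhere.
ROXEN_CONF_DIR="${ROXEN_CONF_DIR:-/usr/local/roxen/configurations}"

# audit_secret_perms DIR
# Prints every regular file under DIR that group or other can read
# (mode 644 matches). Returns 0 if none, 1 if any exposed, 2 if DIR is missing.
audit_secret_perms() {
    dir="$1"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    exposed=$(find "$dir" -type f \( -perm -040 -o -perm -004 \) -print)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# harden_secret_perms DIR
# Removes all group/other access below DIR (files end up 600, dirs 700).
# Assumption: the web server process runs as the owner of these files.
harden_secret_perms() {
    dir="$1"
    [ -d "$dir" ] || return 2
    chmod -R go-rwx "$dir"
}

# Typical use:
#   audit_secret_perms "$ROXEN_CONF_DIR" || harden_secret_perms "$ROXEN_CONF_DIR"
```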