Re: some permission problem?

From: Barry Irwin <bvi(at)itouchlabs.com>
Date: Wed May 07 2003 - 11:15:29 EDT

Hi

I would assume that you are running some kind of unix platform. You should have a look at your HTTP server configuration as well as the log files, and try and determine how the person grabbed the password file. A number of older webservers were vulnerable to the so-called '..' or directory traversal whereby the person could do the following:

Given that the webserver webroot "/" is in /usr/www, they can send a request for /../../etc/passwd. Using normal Unix directory traversal, the passwd file would be retrieved.

I would suggest you investigate whether your web server is vulnerable to this problem first off, and possibly if you are able to correct this. However, without further information it's difficult to provide further assistance.

Barry

--
Barry Irwin         bvi@itouchlabs.com         Tel: +27214875178
Systems Administrator: Networks And Security
iTouch Technology
iTouch TAS
http://www.itouchlabs.com         Mobile: +27824457210


----- Original Message -----
From: "SB CH" 
To: 
Sent: Tuesday, May 06, 2003 9:29 AM
Subject: some permission problem?

> Hello, all.
Received on Thu May 8 12:38:12 2003
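
The log review suggested in the reply above, as an added example that is not part of the original message: it maps each requested path onto the `/usr/www` webroot the way a naive server would and reports requests that resolve outside it. The log lines are constructed samples in Common Log Format, and the names `resolve` and `find_traversals` are hypothetical.

```python
import posixpath
import re
from urllib.parse import unquote

WEBROOT = "/usr/www"  # webroot used in the message above

# Constructed sample lines in Common Log Format (not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [06/May/2003:09:12:01 -0400] "GET /index.html HTTP/1.0" 200 1043
192.0.2.77 - - [06/May/2003:09:14:22 -0400] "GET /../../etc/passwd HTTP/1.0" 200 1532
192.0.2.77 - - [06/May/2003:09:14:30 -0400] "GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 404 210
192.0.2.10 - - [06/May/2003:09:15:02 -0400] "GET /docs/../index.html HTTP/1.0" 200 1043
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def resolve(url_path, webroot=WEBROOT):
    """Map a URL path to a filesystem path; return None if it leaves webroot."""
    decoded = unquote(url_path.split("?", 1)[0])  # drop query, decode %xx once
    if "\x00" in decoded:
        return None
    # Join as a naive server would, then collapse '.' and '..' lexically.
    # Symlinks are not followed here; a server must also check the real path.
    candidate = posixpath.normpath(webroot + "/" + decoded.lstrip("/"))
    if candidate == webroot or candidate.startswith(webroot + "/"):
        return candidate
    return None


def find_traversals(log_text, webroot=WEBROOT):
    """Return (client, path, status) for requests that resolve outside webroot."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, path, status = m.groups()
        if resolve(path, webroot) is None:
            hits.append((client, path, int(status)))
    return hits


if __name__ == "__main__":
    for client, path, status in find_traversals(SAMPLE_LOG):
        note = "served, check what was returned" if status == 200 else "rejected"
        print(f"{client} {path} -> {status} ({note})")
```

A hit with status 200 is the case worth following up, since it means the server answered a request for a file outside the webroot.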

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:04:18 EDT