Date: 16 Jun 2006 10:05:21 -0000
From: t.brehm@...config.org
To: bugtraq@...urityfocus.com
Subject: Re: [Bugtraq ID: 17909] ISPConfig Session.INC.PHP Remote File
 Include Vulnerability


The exploit with Bugtraq ID: 17909 has been researched by the developers of the ISPConfig web hosting control panel. The result is that no ISPConfig 2.2.2 installation is vulnerable to this reported exploit.

Explanation:

1) The exploit expects a file (session.inc.php) to be in the webroot, but it is not installed in the webroot in any ISPConfig installation and is therefore protected against direct calls or attacks.

2) The exploit expects register_globals set to on in the ISPConfig PHP. register_globals is off in all ISPConfig versions in the Apache on port 81.

The vulnerability has already been discussed by the ISPConfig developers on the 7th of May, 2 days before the Bugtraq posting.

For a detailed explanation and discussion, please have a look here:

http://www.howtoforge.com/forums/showthread.php?t=4123


ISPConfig 2.2.3 is not vulnerable to the exploit either, and additional code has been added that prevents these types of attacks in case someone uses the ISPConfig files in third-party projects that do not use the files outside the web root directory.
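
An added example, not part of the original message and not ISPConfig code: a small audit of the two preconditions the message names, include files placed inside the web root and register_globals enabled in php.ini. The directory layouts, php.ini text and function names are constructed for illustration.

```python
import os
import re
import tempfile

def register_globals_enabled(ini_text):
    """Return True if the last register_globals directive in php.ini text is on."""
    enabled = False  # PHP's default has been off since 4.2.0
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.match(r"(?i)register_globals\s*=\s*(\S+)", line)
        if m:
            enabled = m.group(1).strip("\"'").lower() in ("1", "on", "true", "yes")
    return enabled

def includes_under_webroot(webroot, suffix=".inc.php"):
    """List include files that sit inside the web root (directly requestable)."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower().endswith(suffix):
                hits.append(os.path.relpath(os.path.join(dirpath, name), webroot))
    return sorted(hits)

def audit(webroot, ini_text):
    """Report both preconditions; the reported attack needs both to hold."""
    exposed = includes_under_webroot(webroot)
    rg = register_globals_enabled(ini_text)
    return {"exposed_includes": exposed, "register_globals": rg,
            "both_preconditions": bool(exposed) and rg}

def demo():
    """Constructed layouts: A keeps includes outside the web root, B does not."""
    with tempfile.TemporaryDirectory() as top:
        a_web = os.path.join(top, "a", "web")
        a_lib = os.path.join(top, "a", "lib")      # outside the web root
        b_web = os.path.join(top, "b", "web")
        b_lib = os.path.join(b_web, "lib")         # inside the web root
        for d in (a_web, a_lib, b_lib):
            os.makedirs(d)
        open(os.path.join(a_lib, "session.inc.php"), "w").close()
        open(os.path.join(b_lib, "session.inc.php"), "w").close()
        a = audit(a_web, "; constructed php.ini\nregister_globals = Off\n")
        b = audit(b_web, "register_globals = On ; constructed legacy setting\n")
        return a, b

if __name__ == "__main__":
    for name, result in zip("AB", demo()):
        print(name, result)
```

Layout A matches the configuration the message describes; layout B models the third-party reuse case where the files end up inside the web root.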

