[pLog-svn] [Lifetype Vulnerability] Very Serious File Disclosure Problem (read passwords/config whatever you want)

Jon Daley plogworld at jon.limedaley.com
Wed Feb 14 08:35:50 EST 2007


"infected" is probably the wrong word.  But, you can check if
anyone has used it on your server, by running a command like:

find -name access.log\* -exec zgrep rss \{} \; |grep "\.\."

I wrote something like this to check my servers last night.

The basic idea is that someone can use the rss parser to read any file on
your system - hrm. Does it have to be relative?  Maybe /etc/passwd
would work as well?

On Wed, 14 Feb 2007, Ammar Ibrahim wrote:

> Can we have more info about this Vulnerability? I want to check if our
> servers are infected with it,
>
> Ammar
>
> On 2/13/07, Matt Wood <matt at woodzy.com> wrote:
>> Dev List,
>>
>> There exists a very serious file disclosure vulnerability within the RSS engines that allows anyone to read the contents of files considered to be secure.
>>
>> I highly suggest that everyone turn all RSS off at the moment.
>>
>> I also suppose you will want to let other people know, I don't really have the time to mess with the forums warning people.
>>
>> Oscar / Jon, I will contact you separately later tonight as this vulnerability compromises www.lifetype.net... and I don't really want our new server to get hosed.
>>
>> -Matt
>>
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.lifetype.net
>> http://limedaley.com/mailman/listinfo/plog-svn
>>

-- 
Jon Daley
http://jon.limedaley.com/

Some day my boat will come in, and
   with my luck I'll be at the airport.
-- Graffiti
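The log check Jon describes above (grep the access logs for rss requests that contain `..`) is easy to run but also easy to evade with percent-encoding, and a raw `grep "\.\."` will fire on any filename with two dots in it. The script below is an added example for this thread, not code from the list or from the LifeType project: it parses "combined"-format access log lines, keeps only requests whose path mentions the RSS endpoint, decodes the query values (repeatedly, so double-encoded `%252e` is seen), and flags a request only when a value contains a real `..` path segment or, as Jon speculates, an absolute path such as `/etc/passwd`. The endpoint name `rss.php`, the parameter name `file`, the IP addresses and all log lines are constructed for illustration and are not LifeType's actual URLs or real traffic.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Apache/nginx "combined" format; only the request target, client and status
# fields are used here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>\S+)" (?P<status>\d{3}) '
)

# Constructed sample log, not real traffic. The endpoint "rss.php" and the
# parameter "file" are assumptions made for this example, not LifeType's URLs.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Feb/2007:08:01:12 -0500] "GET /blog/rss.php?blogId=1 HTTP/1.1" 200 4821
203.0.113.9 - - [14/Feb/2007:08:02:30 -0500] "GET /blog/rss.php?blogId=1&file=../../../../etc/passwd HTTP/1.1" 200 910
203.0.113.9 - - [14/Feb/2007:08:02:45 -0500] "GET /blog/rss.php?blogId=1&file=%252e%252e%2f%252e%252e%2fetc%2fpasswd HTTP/1.1" 200 910
198.51.100.7 - - [14/Feb/2007:08:03:02 -0500] "GET /blog/index.php?page=../../x HTTP/1.1" 200 7712
198.51.100.7 - - [14/Feb/2007:08:03:10 -0500] "GET /blog/rss.php?blogId=1&file=%2Fetc%2Fpasswd HTTP/1.1" 200 2048
192.0.2.3 - - [14/Feb/2007:08:04:00 -0500] "GET /blog/rss.php?blogId=1&file=notes..txt HTTP/1.1" 404 300
"""


def decode_fully(value, rounds=3):
    """Percent-decode until the string stops changing, so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(value):
    """True if the decoded value has a '..' path segment or is an absolute path.

    Splitting on '/' and '\\' means 'notes..txt' is not flagged, while
    '../x' and '%2e%2e/x' are.
    """
    decoded = decode_fully(value)
    segments = re.split(r'[\\/]+', decoded)
    return '..' in segments or decoded.startswith('/')


def scan_access_log(text, rss_marker='rss'):
    """Return the RSS requests whose path or query values look like traversal."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m.group('target'))
        path = decode_fully(parts.path)
        if rss_marker not in path.lower():
            continue  # only the RSS engine is in scope for this check
        reasons = []
        if '..' in re.split(r'[\\/]+', path):
            reasons.append('path:..')
        # parse_qsl already decodes one layer; has_traversal handles the rest.
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            if has_traversal(val):
                reasons.append('%s=%s' % (key, decode_fully(val)))
        if reasons:
            hits.append({
                'ip': m.group('ip'),
                'time': m.group('ts'),
                'status': m.group('status'),
                'reasons': reasons,
            })
    return hits


if __name__ == '__main__':
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit['time'], hit['ip'], hit['status'], ', '.join(hit['reasons']))
```

To run it over real logs, feed the output of `zcat access.log*` (or the `find ... -exec zgrep` pipeline from the message) into `scan_access_log` instead of `SAMPLE_LOG`. A 200 status on a flagged request is the line worth looking at first, since it means the server actually returned something for that path.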

