[Pkg-zope-developers] Bug#313644: zope2.7: Local security bug
Dmitry E. Oboukhov
"Dmitry E. Oboukhov" <dimka@uvw.ru>, 313644@bugs.debian.org
Tue, 14 Jun 2005 23:45:53 +0400
Package: zope2.7
Severity: grave
Justification: user security hole
uvw.ru:[/home/dimka]# umask
022
uvw.ru:[/home/dimka]# mkzope2.7instance
...
[skipped]
...
Directory: /tmp/testmkzope
...
[skipped]
uvw.ru:[/home/dimka]# ls -lR /tmp/testmkzope|grep inituser
-rw-r--r-- 1 root root 40 2005-06-14 23:40 inituser
^^^^^^^^^^
Problem:
uvw.ru:[/home/dimka]$ cat /tmp/testmkzope/inituser
dimka:{SHA}QL0AFWMIX8NRZTKeof9cXsvbvu8=
voilà!
readable by all users
this file contains the administrator password (hash)
I write a small cgi-script and crack/hack the site (zope) (theoretically ;))
PS: sorry for my bad English!
~~~~~~~~~~~~~~~~~~~~~~~~~
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-1-686
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R)
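The report shows inituser inheriting 0644 from umask 022. Added here as an illustration, not Zope's or Debian's own code: an instance-creation helper that writes the file with an explicit 0600 mode, beside a permission check that flags the reported symptom; function names and the placeholder hash are assumptions, and it assumes Python 3 on a POSIX system.

```python
import os
import stat
import tempfile

# Constructed placeholder; the real file holds a {SHA} password hash.
CONSTRUCTED_HASH = "{SHA}constructed-placeholder-hash="


def write_inituser(path, user, password_hash):
    """Create inituser with mode 0600 regardless of the caller's umask.

    Passing the mode to os.open (with O_EXCL so an existing file is never
    reused) means the file is never world-readable, not even briefly
    before a later chmod could tighten it.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{user}:{password_hash}\n")
    return path


def file_mode(path):
    """Permission bits only (e.g. 0o644), as a plain int."""
    return stat.S_IMODE(os.stat(path).st_mode)


def world_readable(path):
    """True if group or other may read the file: the symptom in the report."""
    return bool(file_mode(path) & (stat.S_IRGRP | stat.S_IROTH))


def compare_under_umask_022():
    """Reproduce the bug next to the fix; returns (naive_mode, safe_mode)."""
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            # What the reported script effectively does: open() inherits
            # 0666 & ~022 = 0644, so the hash is readable by every local user.
            naive = os.path.join(d, "inituser.naive")
            with open(naive, "w") as f:
                f.write(f"dimka:{CONSTRUCTED_HASH}\n")
            safe = write_inituser(os.path.join(d, "inituser"), "dimka", CONSTRUCTED_HASH)
            assert world_readable(naive) and not world_readable(safe)
            return file_mode(naive), file_mode(safe)
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    naive_mode, safe_mode = compare_under_umask_022()
    print(f"naive: {naive_mode:o}  safe: {safe_mode:o}")
```

The same `world_readable` check, run over an existing instance's inituser, is a quick way to audit instances created before the package is fixed.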