
Major Security Flaw with Apache on FC3



The Scenario :

get this php filemanager :
http://phpfm.sourceforge.net/#downloads
simply unzip into your web site directory

I have vhosts under a /data dir

rights 711 on the vhost dir, all fine
drwx--x--x  19 john data 4096 Jun 24 15:35 www.test.com

after calling the php file manager http://site.name/index.php
the rights on the directory are made world writeable

drwxrwxrwx  13 john data 4096 Jul  4 15:39 www.test.com

SCARY ---

apache error.log:

[Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] Premature end of script headers: index.php, referer: http://www.test.com/index.php
[Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] SoftException in Application.cpp:227: Directory "/data/www.test.com" is writeable by group, referer: http://www.test.com/index.php
[Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] *** glibc detected *** double free or corruption (fasttop): 0x099c6590 ***, referer: http://www.test.com/index.php
[Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] File does not exist: /data/www.test.com/favicon.ico
[Mon Jul 04 15:44:09 2005] [error] [client x.x.x.x] File does not exist: /data/www.test.com/favicon.ico
[Mon Jul 04 15:44:19 2005] [error] [client x.x.x.x] Premature end of script headers: index.php, referer: http://www.test.com/index.php
[Mon Jul 04 15:44:19 2005] [error] [client x.x.x.x] SoftException in Application.cpp:227: Directory "/data/www.test.com" is writeable by group, referer: http://www.test.com/index.php
[Mon Jul 04 15:44:19 2005] [error] [client x.x.x.x] *** glibc detected *** double free or corruption (fasttop): 0x08e16590 ***, referer: http://www.test.com/index.php



Switching between suphp and mod_php didn't change anything .. the rights on the dir are changed no matter
(the errors above are with suphp enabled, with mod_php I didn't get any error but the same result)


On FC4 the problem didn't occur
------------
System Fedora Core 3 - No SELinux


httpd -V
Server version: Apache/2.0.54
Server built: Apr 18 2005 21:03:32
Server's Module Magic Number: 20020903:9
Architecture: 32-bit
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"


--

I didn't trace and debug the thing yet, pretty in a hurry right now, to find out what may have caused it ... if anyone heard about it .. ?
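
An added example, not part of the original post: one way to spot the condition described above from the defender's side, by pulling the suPHP "writeable by" refusals out of the Apache error log and listing vhost directories whose mode is wider than the intended 711. The function names are hypothetical, the log lines are copied from the post, and a temporary directory stands in for /data.

```python
import os
import re
import stat
import tempfile

# Log lines copied from the error log in the post above.
SAMPLE_LOG = '''\
[Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] SoftException in Application.cpp:227: Directory "/data/www.test.com" is writeable by group, referer: http://www.test.com/index.php
[Mon Jul 04 15:43:44 2005] [error] [client x.x.x.x] File does not exist: /data/www.test.com/favicon.ico
[Mon Jul 04 15:44:19 2005] [error] [client x.x.x.x] SoftException in Application.cpp:227: Directory "/data/www.test.com" is writeable by group, referer: http://www.test.com/index.php
'''

# Matches the suPHP refusal format seen in the post's log.
DENIAL = re.compile(
    r'^\[(?P<when>[^\]]+)\] \[error\] .*SoftException in \S+: '
    r'Directory "(?P<dir>[^"]+)" is writeable by (?P<who>\w+)')

def suphp_denials(lines):
    """Map each refused directory to the timestamps of its refusals."""
    hits = {}
    for line in lines:
        m = DENIAL.match(line)
        if m:
            hits.setdefault(m.group("dir"), []).append(m.group("when"))
    return hits

def loose_dirs(base, expected=0o711):
    """Return (path, octal mode) for direct subdirectories of base that are
    group- or world-writable, or otherwise wider than `expected`."""
    found = []
    for entry in sorted(os.scandir(base), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH) or mode & ~expected:
            found.append((entry.path, oct(mode)))
    return found

if __name__ == "__main__":
    for d, times in suphp_denials(SAMPLE_LOG.splitlines()).items():
        print(f"{d}: refused {len(times)}x, first at {times[0]}")
    with tempfile.TemporaryDirectory() as base:  # constructed stand-in for /data
        for name, mode in (("www.ok.example", 0o711), ("www.test.com", 0o777)):
            os.mkdir(os.path.join(base, name))
            os.chmod(os.path.join(base, name), mode)  # chmod is not affected by umask
        print(loose_dirs(base))
```

Run periodically against the real vhost root and error log, a change in the output marks the point at which a directory's mode was widened.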

