tech-security archive


re: bozo .htpasswd exposure



> Found this a little while back:  Bozo will expose .htpasswd files.

indeed.  in fact, the whole checking of special files has been
broken for a while.  i suspect some part of the librarification
allowed some failure modes to return success or continue, and,
the .htpasswd file itself is not protected if not compiled in
(the other special files are, regardless of whether they're
actually used by this bozo compile.)

i have fixes for a bunch of problems in a tree i'm testing.

thanks again!  we will issue an SA for this problem.


.mrg

