[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-Disclosure] A correction to "UNIRAS ALERT - 34/04"
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: [Full-Disclosure] A correction to "UNIRAS ALERT - 34/04"
- From: Ulf Härnhammar <Ulf.Harnhammar.9485@xxxxxxxxxxxxx>
- Date: Tue, 21 Sep 2004 17:58:42 +0200
----- Forwarded message from Ulf Härnhammar <Ulf.Harnhammar.9485@xxxxxxxxxxxxx>
-----
Date: Thu, 16 Sep 2004 12:24:39 +0200
From: Ulf Härnhammar <Ulf.Harnhammar.9485@xxxxxxxxxxxxx>
Reply To: Ulf Härnhammar <Ulf.Harnhammar.9485@xxxxxxxxxxxxx>
Subject: A correction to "UNIRAS ALERT - 34/04"
To: vulteam@xxxxxxxxxxxx
Hello,
I think this paragraph from your alert 34/04 is misleading:
> However for this vulnerability to be exploited, an attacker must first
> induce a normal user to install the malicious configuration files onto
> their servers before a exploit can take place.
In the scenario that I and SITIC have described, the attacker is the normal
user. If Peter is a customer of MegaISP, which allows their users to configure
their web pages with .htaccess files, Peter can hack MegaISP by storing
malicious .htaccess files in his web space at MegaISP. Thus, there is no need
for an attacker to induce a normal user to do anything.
Please correct this.
// Ulf Harnhammar
----- End of forwarded message -----
BTW, I wrote some more about this vulnerability in my Advogato blog.
--
Ulf Harnhammar
http://www.advogato.org/person/metaur/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html