wwacct.conf permissions?

Discussion in 'General Discussion' started by Curto, Mar 14, 2004.

  1. Curto

    Curto, Active Member (Joined: Sep 4, 2003; Messages: 40; Likes Received: 0; Trophy Points: 6; Location: NY, USA)
    Is it possible to chmod wwacct.conf 700 or something to stop it being world readable?
     
  2. BrightAdmin

    BrightAdmin, Well-Known Member (Joined: Feb 29, 2004; Messages: 204; Likes Received: 0; Trophy Points: 16)
    Hi Curto,

    Chmod 700 is enough, but try to set ownership and attributes to be safe on your part.

    Regards,

    Bright:)
     
  3. Curto

    Thanks.

    Is there any list of files which we can lock down like this? I've searched the forums and can't find any...

    Also, will the permissions on the file be changed the next time cPanel updates it?
     
  4. Curto

    Well... let's try this.

    Get one of the numerous CGI scripts/programs that allow a person to execute shell commands without actually having shell access...

    Then have them do cat /etc/wwwacct.conf

    [IMG]

    As you can see... this file contains the AIM and ICQ user/pass the server uses to send alerts, the primary IP/hostname, and the email/AIM/ICQ contacts it sends alerts to.

    I consider this a vulnerability as users can then hijack the AIM/ICQ accounts and possibly exploit the other information also.
     
  5. Curto

    Any file that is world readable is accessible in this same way. That includes a LOT of files... think /etc/passwd ... a list of all users (which could be used to bypass having a-x on /home)

    This is a big issue.

    And I know you can disable Perl modules, etc... but that won't work all the time... this particular backdoor I used is compiled... and it can be compiled on any other Linux host and then uploaded into cgi-bin and used... so disabling compilers won't help you either.

    Combine this with the numerous hosts I bet still aren't patched for the last cPanel exploit and you have a HUGE hole.
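
Added example, not part of any post in this thread: a small shell audit for the exposure discussed above, where a sensitive file such as /etc/wwwacct.conf is accessible to every local account. Run periodically (for instance from cron), it also shows whether a file's mode or owner has changed after an update. The function names, the EXPECTED_UID variable and the script name audit-perms.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): flag sensitive files that every local
# user can access, e.g. from a CGI process running under a customer account.
# EXPECTED_UID is an assumption: the files are expected to belong to root.
EXPECTED_UID="${EXPECTED_UID:-0}"

# is_other_accessible FILE: succeeds if "other" holds any of r, w or x.
is_other_accessible() {
    [ -n "$(find -L "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)" ]
}

# audit_file FILE [UID]: prints one line per finding.
# Returns 0 = locked down, 1 = finding, 2 = file not present.
audit_file() {
    file=$1
    want_uid=${2:-$EXPECTED_UID}
    if [ ! -e "$file" ]; then
        echo "MISSING  $file"
        return 2
    fi
    result=0
    uid=$(ls -ldLn "$file" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER    $file: uid $uid, expected $want_uid"
        result=1
    fi
    if is_other_accessible "$file"; then
        echo "EXPOSED  $file: mode $(ls -ldL "$file" | cut -c1-10) lets any local user in"
        result=1
    fi
    if [ "$result" -eq 0 ]; then echo "OK       $file"; fi
    return "$result"
}

# audit_all FILE...: audits every file, returns 1 if any of them has a finding.
audit_all() {
    findings=0
    for f in "$@"; do
        audit_file "$f" || findings=1
    done
    return "$findings"
}

# Stand-alone use: sh audit-perms.sh /etc/wwwacct.conf
if [ "$#" -gt 0 ]; then audit_all "$@"; fi
```

A non-zero exit status means at least one listed file is missing, has an unexpected owner, or is accessible to other users. Before tightening a file, confirm that nothing running as a non-root user needs to read it.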
     