• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SWSoft Confixx Backup And Restore Script Information Disclosure And File Ownership Vulnerabilities

It is reported that SWSoft Confixx contains an information disclosure vulnerability in its backup script.

A user of Confixx has the ability to backup their files from the server. Reportedly, by issuing a malicious backup request, a regular user of Confixx may cause arbitrary root-accessible files to be backed up as well.

By issuing a malicious backup request, an attacker can download potentially sensitive information from the server. This information may aid the attacker in further attacks.

Reportedly, the restore procedure also contains a flaw that allows an attacker to take ownership of files on the hosting computer. This may allow an attacker to overwrite critical system files, resulting in denial of service conditions, information loss, or potentially even a full system compromise.