COMMAND

    Webmail

SYSTEMS AFFECTED

    Cobalt Qube 3 (Cobalt Linux release 6.0 "Carmel")

PROBLEM

    'KF' found the following.  He had just got a new Cobalt Qube 3 and
    had been poking around at it for security issues when he noticed
    this minor issue in the webmail system.  Users are not allowed to
    have shell access by default; however, if they send a malformed
    mailbox request they can read local files with the permissions of
    the web server.

    If your users already have shell access they gain little, since
    they can already read world-readable files such as /etc/passwd; the
    traversal would still expose anything that is readable by the web
    server account but not by ordinary users.  Either way, it can be
    used remotely to gather information for a future attack.  The
    mailbox parameter of readmsg.php is joined into a filesystem path
    without any check for "../" components, so the request shown after
    the system banner below returns /etc/passwd.

        [admin admin]$ uname -a
        Linux cube.ckfr.com 2.2.16C7 #1 Fri Sep 8 15:58:03 PDT 2000 i586 unknown
        [admin admin]$ cat /etc/issue

        Cobalt Linux release 6.0 (Carmel)
        Kernel 2.2.16C7 on an i586

        http://YOURCOBALTBOX:444/base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1
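
    The following is an added example and is not Cobalt's code or KF's;
    it models the readmsg.php lookup described above in Python.  It shows
    the naive join of the mailbox parameter onto a mail spool (which is
    how a run of "../" ends up at /etc/passwd), the same lookup with a
    containment check, and a scan over access-log lines that flags
    traversal attempts against readmsg.php.  MAIL_ROOT, the query strings
    and the log lines are constructed for the example; the real spool
    layout on Cobalt Linux is not documented on this page.

```python
#!/usr/bin/env python3
"""Added example, not Cobalt's or KF's code: the readmsg.php mailbox
traversal modelled as a naive path join, a hardened join, and a log scan.
MAIL_ROOT, SAMPLE_LOG and POC_QUERY are constructed for the example."""
import posixpath
import re
from urllib.parse import parse_qs, unquote

# Assumed per-user mail spool directory (hypothetical path).
MAIL_ROOT = "/home/users/admin/mail"


def _mailbox_param(query_string):
    """Pull the mailbox= value out of a query string, defaulting to INBOX."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("mailbox", ["INBOX"])[0]


def vulnerable_mailbox_path(query_string):
    """What the flawed lookup does: join user input onto the spool and
    normalise.  Each ../ walks one directory up, and once the walk reaches
    '/' any further ../ are simply dropped, so a long run of them lands on
    whatever absolute path follows, readable as the web server's uid."""
    mailbox = _mailbox_param(query_string)
    return posixpath.normpath(posixpath.join(MAIL_ROOT, mailbox))


def safe_mailbox_path(query_string):
    """Hardened lookup: resolve first, then insist the result stays inside
    MAIL_ROOT.  Raises ValueError for anything that escapes."""
    mailbox = _mailbox_param(query_string)
    if not mailbox or "\x00" in mailbox:
        raise ValueError("empty or NUL-bearing mailbox name")
    resolved = posixpath.normpath(posixpath.join(MAIL_ROOT, mailbox))
    spool = MAIL_ROOT.rstrip("/") + "/"
    # posixpath.join discards MAIL_ROOT when mailbox is absolute, and
    # normpath collapses ../ runs; the prefix test catches both cases.
    if not resolved.startswith(spool):
        raise ValueError("mailbox %r escapes the mail spool" % mailbox)
    return resolved


def mailbox_is_safe(query_string):
    """Boolean wrapper around safe_mailbox_path for quick checks."""
    try:
        safe_mailbox_path(query_string)
        return True
    except ValueError:
        return False


# Finds the mailbox= value of a readmsg.php request in an access-log line.
_READMSG = re.compile(r"readmsg\.php\?[^ \"]*mailbox=(?P<mb>[^& \"]*)", re.I)


def is_traversal_request(log_line):
    """True if a combined-format access-log line carries a readmsg.php
    request whose mailbox value contains a parent-directory component or
    an absolute path, plain or URL-encoded (including double encoding)."""
    m = _READMSG.search(log_line)
    if not m:
        return False
    mailbox = unquote(unquote(m.group("mb")))
    return ".." in mailbox.split("/") or mailbox.startswith("/")


def scan_log(lines):
    """Return (client_ip, decoded mailbox value) for every flagged line."""
    hits = []
    for line in lines:
        if is_traversal_request(line):
            ip = line.split(" ", 1)[0]
            hits.append((ip, unquote(_READMSG.search(line).group("mb"))))
    return hits


# Constructed sample log lines (admin server on port 444, as in the PoC URL).
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Aug/2001:10:01:02 -0700] "GET /base/webmail/readmsg.php?mailbox=INBOX&id=1 HTTP/1.0" 200 4821',
    '10.0.0.9 - - [09/Aug/2001:10:03:14 -0700] "GET /base/webmail/readmsg.php?mailbox=../../../../../../../../../../../../../../etc/passwd&id=1 HTTP/1.0" 200 1277',
    '10.0.0.9 - - [09/Aug/2001:10:03:40 -0700] "GET /base/webmail/readmsg.php?mailbox=..%2F..%2F..%2Fetc%2Fshadow&id=1 HTTP/1.0" 200 0',
]

# The query string from the request in the advisory.
POC_QUERY = "mailbox=../../../../../../../../../../../../../../etc/passwd&id=1"

if __name__ == "__main__":
    print("vulnerable lookup resolves PoC to:", vulnerable_mailbox_path(POC_QUERY))
    print("hardened lookup accepts PoC?      ", mailbox_is_safe(POC_QUERY))
    for ip, mb in scan_log(SAMPLE_LOG):
        print("traversal attempt from %s: mailbox=%s" % (ip, mb))
```

    The containment check is done on the normalised result rather than by
    searching the input for "../", so encoded, doubled and absolute-path
    variants are all caught by the same test; the log scanner decodes twice
    for the same reason.  Run it against a copy of the admin server's
    access log on port 444 to find out whether anyone tried this before the
    patch went on.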

SOLUTION

    Cobalt posted a patch package, Qube3-ml-Security-2.0.1-10626.pkg, on
    August 9th, 2001.  Point your FTP client to

        ftp://ftp.cobalt.com

    This patch addresses a security hole where a user is able to view
    arbitrary files via Webmail.  After installing it, re-issue the
    request shown above against the patched box and confirm that it no
    longer returns the contents of /etc/passwd.