Subject: Rare project developers
List archive
- From: mc36 <>
- To: Tim Waters <>, Frédéric LOUI <>, "" <>
- Subject: Re: [rare-dev] Security report received from amt-relay.geant.org
- Date: Fri, 25 Nov 2022 11:35:19 +0100
hi,
it was a bug in the http software providing the page... the bug is fixed by
the below commit:
https://github.com/rare-freertr/freeRtr/commit/c898cd5dfd9329316787c8e24f553746445bea24
and for now i get "not found" for the cooked url.. could you please redo the
investigation?
fl: maybe a reinstall or at least a password change sounds a good idea as
suggested by tim?
tim: thanks for reporting, i've added you to the greetings page in return:
http://www.freertr.org/greet.html
thanks,
cs
On 11/25/22 10:40, Tim Waters wrote:
Hi Csaba,
We have received a Local File Inclusion vulnerability report on
amt-relay.geant.org.
It is possible to read files on the server through the webserver.
http://amt-relay.geant.org/..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
<http://amt-relay.geant.org/..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd>
I suspect this to either be:
1. A configuration error in nginx ( nginx config uses / as root, but that
should probably be something different )
2. A bug in the software.
Could you please:
1.investigate the cause of this vulnerability, and report back?
2.do some preliminary investigation whether the system has been altered by
some one
3.If the vulnerability has been fixed, please change all passwords because they might have been compromised ( I noticed users root, p4 and your user account having a password in the shadow file )
If you need any help or advise in doing the above, please let me know.
Met vriendelijke groet/best regards,
Tim Waters
Senior (Information) Security Officer, Amsterdam Office
G ANT
T: +(31) (20) 5304488
M: +(31) (0) 651776721
Networks Services People
Learn more at www.geant.org <http://www.geant.org/>
*Working days: Monday, Tuesday, Wednesday & Friday.*
G ANT Vereniging (Association) is registered with the Chamber of Commerce in Amsterdam with registration number 40535155 and operates in the UK as a branch of G ANT Vereniging. Registered office: Hoekenrode 3, 1102BR Amsterdam, The Netherlands. UK branch address: City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.
--------------------------------------------------------------------
The information in this email and in any attachments with it is intended for the addressee(s) only and may include personal or confidential information that is legally privileged. Use of this information by individuals other than the addressee(s) and by individuals who are not authorised to access the information is prohibited. If you are not the addressee or are not authorised to access the information, then its disclosure, reproduction, distribution and/or provision to third parties is not permitted and you are requested to send this email back to us and to delete the original.
*From: *Fr d ric LOUI <>
*Date: *Friday, 25 November 2022 at 10:36
*To: *mc36 <>
*Cc: *Tim Waters <>
*Subject: *Security report received from amt-relay.geant.org
Hi Csaba,
I hope you are doing well.
Tim Waters from GEANT security would like to interact with you WRT a
vulnerability report he received.
@Tim, feel free to engage with Csaba RARE/freeRTr lead developer.
All the best,
Frederic
- Re: [rare-dev] Security report received from amt-relay.geant.org, mc36, 11/25/2022
- Re: [rare-dev] Security report received from amt-relay.geant.org, Tim Waters, 11/25/2022
Archive powered by MHonArc 2.6.19.