Apache + samba problem
\ Maciej Gasiorowski (13 Mar 2006)

Subject: Apache + samba problem
Group: Debian-security
From: Maciej Gasiorowski
Date: 13 Mar 2006


 
Hello list.

I've found out an interesting thing using apache and samba on my test server.
I'm not sure if it is a new issue but I couldn't find anything similar
on Google.

I've configured apache to serve content from a mounted Windows share.
Now the best part begins. When I add a backslash ("\") at the end of a URL,
like
http://localhost/winshare/index.php\
apache displays my PHP code instead of executing it.

A simple strace shows something like this:

stat64("/home/winshare/index.php\\", {st_mode=S_IFREG|0644, st_size=217, ...}) = 0
lstat64("/home", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0
lstat64("/home/winshare", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
open("/home/winshare/.htaccess", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
lstat64("/home/winshare/index.php\\", {st_mode=S_IFREG|0644, st_size=217, ...}) = 0
open("/home/winshare/index.php\\", O_RDONLY|O_LARGEFILE) = 5
select(4, [3], NULL, NULL, {0, 0}) = 0 (Timeout)
write(3, "HTTP/1.1 304 Not Modified\r\nDate:"..., 237) = 237

I guess that lstat or samba itself is stripping "\\" from the file name
during name lookup because it doesn't return a 404 error. But the
resulting extension (.php\) doesn't match any AddType directive, so
apache is just displaying it in plain text.
I've checked, and after adding
AddType application/x-httpd-php .php .php\ .php%5C
the code is being executed.

I've tested it on two Linux boxes but on a single Windows share, so it
could be some configuration error.
I don't suppose there are a lot of production servers configured in
a similar way, but it could still be a security issue.

Sorry if this is a FAQ.

Best regards
Maciej Gasiorowski
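
The request pattern reported in this message can be searched for in web server access logs. The following is an added example, not part of the original post: it scans Apache common/combined-format log lines for requests whose percent-decoded path is a script name followed by one or more backslashes and that were answered with 200 or 304. The log lines, the extension list and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions that should be executed, never served as text (assumed list).
SCRIPT_EXTS = (".php", ".phtml", ".pl", ".cgi")

# Log prefix: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def trailing_backslash_script(target):
    """Return the script path if the decoded URL path is <script><backslashes>."""
    path = unquote(urlsplit(target).path)  # drop the query string, decode %5C
    # Strip any run of backslashes: Apache logs a literal "\" in the request
    # line as "\\", while an encoded one stays "%5C" and decodes to a single "\".
    stripped = path.rstrip("\\")
    if stripped != path and stripped.lower().endswith(SCRIPT_EXTS):
        return stripped
    return None

def find_source_disclosure_candidates(lines):
    """Return (host, time, script, status) for matching requests that got 200/304."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        script = trailing_backslash_script(m["target"])
        if script and m["status"] in ("200", "304"):
            hits.append((m["host"], m["time"], script, int(m["status"])))
    return hits

# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    r'192.0.2.10 - - [13/Mar/2006:10:00:01 +0100] "GET /winshare/index.php HTTP/1.1" 200 512',
    r'192.0.2.10 - - [13/Mar/2006:10:00:05 +0100] "GET /winshare/index.php\\ HTTP/1.1" 304 -',
    r'192.0.2.11 - - [13/Mar/2006:10:01:12 +0100] "GET /winshare/index.php%5C?x=1 HTTP/1.1" 200 217',
    r'192.0.2.12 - - [13/Mar/2006:10:02:30 +0100] "GET /docs/readme.txt\\ HTTP/1.1" 200 80',
    r'192.0.2.13 - - [13/Mar/2006:10:03:44 +0100] "GET /winshare/index.php%5C HTTP/1.1" 404 290',
]

if __name__ == "__main__":
    for hit in find_source_disclosure_candidates(SAMPLE_LOG):
        print(hit)
```

A hit only shows that such a request was answered; whether source was actually returned still has to be confirmed from the response size or by checking the handler mapping on the server.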


