----- Forwarded message from Ulf H�rnhammar <[EMAIL PROTECTED]>
-----
Date: Thu, 16 Sep 2004 12:24:39 +0200
From: Ulf H�rnhammar <[EMAIL PROTECTED]>
Reply To: Ulf H�rnhammar <[EMAIL PROTECTED]>
Subject: A correction to "UNIRAS ALERT - 34/04"
To: [EMAIL PROTECTED]
Hello,
I think this paragraph from your alert 34/04 is misleading:
> However for this vulnerability to be exploited, an attacker must first
> induce a normal user to install the malicious configuration files onto
> their servers before a exploit can take place.
In the scenario that I and SITIC have described, the attacker is the normal
user. If Peter is a customer of MegaISP, which allows their users to configure
their web pages with .htaccess files, Peter can hack MegaISP by storing
malicious .htaccess files in his web space at MegaISP. Thus, there is no need
for an attacker to induce a normal user to do anything.
Please correct this.
// Ulf Harnhammar
----- End of forwarded message -----
BTW, I wrote some more about this vulnerability in my Advogato blog.
--
Ulf Harnhammar
http://www.advogato.org/person/metaur/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
