Tue Oct 25 06:02:10 2005

Ticket #1497 (Closed: fixed)

Campsite 2.3 security issue

Priority: normal Reporter: john
Severity: major Assigned to: mugur
Component: Security Status: closed
Version: 2.3.0 Resolution: fixed
Milestone: 2.3.3 Keywords:  

Description by john:

Please refer email sent to campsite-core list by john Tue Oct 25 2005

Changelog

Tue Oct 25 15:34:01 2005: Modified by paul

  • milestone changed from 2.4.0 to 2.3.3
  • owner changed from anonymous to mugur

Fri Oct 28 13:35:35 2005: Modified by mugur

  • resolution set to fixed
  • status changed from new to closed

Mon Oct 31 16:53:30 2005: Modified by paul

    This is John's email for full disclosure purposes: 

    I found a security issue in campsite which should be patched up if possible.
Campsite's cron jobs like notifyendsubs create output which includes the
MySQL password. By default, this password is the MySQL root password. A
person could snoop the email going out from a campsite and use it to
learn the root database password on that machine, and from there could
deface a campsite or learn personal information about subscribers.
>> [root@jdpipe redhat]# /usr/bin/notifyendsubs
>> sql server: localhost, sql port: 0, sql user: root, sql password:
>> xxxxxxxx, db name: campsite
>> smtp server: localhost, smtp wrapper: /usr/bin/smtp_wrapper
>> sql server: localhost, sql port: 0, sql user: root, sql password:
>> xxxxxxxx, db name: campsite2
>> smtp server: localhost, smtp wrapper: /usr/bin/smtp_wrapper