GEN:SID | 1:1527 |
Message | WEB-MISC basilix mysql.class access |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Basilix webmail PHP script.
An attacker can access mysql.class file to obtain MySQL login and use it for further attacks.
|
Impact | Serious. Password disclosure which can lead to further system compromise.
authenticate directly to a mysql database. Many Sun Cobalt Linux servers use Basilix webmail
|
Detailed Information | A webserver usually sends files in the webroot to an anonymous user without further processing. PHP scripts often include files (which contain configuration variables, functions, etc.) that are stored using a suffix that does not prevent a webserver sending them in clear text. The ".class" suffix is not usually explicitly denied in a standard web server configuration and the file "mysql.class" may be sent to the attacker.
|
Affected Systems | |
Attack Scenarios | An attacker gets mysql.class containing database login credentials. The attacker can then connect to the database server using the login provided by mysql.class file and modify the database.
|
Ease of Attack | Simple
|
Corrective Action | Update Basilix script (www.basilix.org)
Check files which contain php code for a suffix that might be rendered in plaintext by the web server.
Workaround - register .class the same way that the extensions .php, .php3 or.php4 are registered in the web server configuration file. Note: .class is usually used by java applets
|
Additional References | |
Rule References | cve: 2001-1044
nessus: 10601
|