[Vtigercrm-commits] [vtiger development] #7341: Security Problem with Backups
vtiger development
vtiger-tickets at trac.vtiger.com
Fri Jan 27 04:43:48 PST 2012
#7341: Security Problem with Backups
------------------------+---------------------------------------------------
Reporter:  bastian      | Owner:     developer
Type:      defect       | Status:    new
Priority:  unassigned   | Milestone: Unassigned
Component: vtigercrm    | Version:   5.3.0
Severity:  High         | Keywords:
------------------------+---------------------------------------------------
I've found a security problem with the Backup Server... I have it configured to store the zipped backups outside of Apache ( /home/backups with permissions to www-data.. ). This is working well, but investigating a little bit, the backup script will generate a complete SQL dump into a file named <unix time in seconds>.sql ( for example: 1327652973.sql ). The problem is that this file will be stored in the backup subfolder of the vtiger installation, and so it is within reach of Apache, which means that access to this folder is PUBLIC! You can download the file without entering authentication ( for example http://10.0.0.1/vtigercrm/backup/1327652973.sql ).

You need to know the filename, as my Apache doesn't list files, but someone only has to write a little script that seeks backwards in unix time searching for the SQL file.

If an attacker gets the file he has it all: every email configuration and every customer and business-sensitive piece of information!

By now I've written a little cronjob script that deletes every file within /var/www/vtigercrm/backup every few minutes.

It would be great if the PHP script stored these temporary files somewhere else, for example /tmp, and deleted them after completing the backup.

Regards.
--
Ticket URL: <http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7341>
vtiger development <http://trac.vtiger.com/>
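As an added example (not part of the ticket and not vtiger's own code), the following Python script implements the reporter's stopgap more carefully than a blanket delete: it looks for timestamp-named SQL dumps in the web-served backup directory and moves them to a directory outside the document root with owner-only permissions, so the dump is neither downloadable nor lost. The two paths are assumptions taken from the ticket.

```python
import re
import shutil
import stat
from pathlib import Path

# Assumed paths: the ticket says dumps land in <vtiger>/backup and the
# reporter keeps zipped backups in /home/backups, outside the web root.
WEB_BACKUP_DIR = Path("/var/www/vtigercrm/backup")
SAFE_BACKUP_DIR = Path("/home/backups")

# Dump files are named <unix time in seconds>.sql, e.g. 1327652973.sql
DUMP_NAME = re.compile(r"^\d{9,10}\.sql$")


def find_exposed_dumps(web_dir):
    """Return timestamp-named .sql files sitting in the web-served directory."""
    web_dir = Path(web_dir)
    if not web_dir.is_dir():
        return []
    return sorted(p for p in web_dir.iterdir()
                  if p.is_file() and DUMP_NAME.match(p.name))


def quarantine_dumps(web_dir, safe_dir):
    """Move each exposed dump out of the document root and make it owner-only.

    Returns the list of destination paths so a cron wrapper can log them.
    """
    safe_dir = Path(safe_dir)
    safe_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    moved = []
    for dump in find_exposed_dumps(web_dir):
        dest = safe_dir / dump.name
        shutil.move(str(dump), str(dest))
        dest.chmod(stat.S_IRUSR | stat.S_IWUSR)  # 0600: no group/other read
        moved.append(dest)
    return moved


if __name__ == "__main__":
    # Intended to run from cron as the web server user, every few minutes.
    for dest in quarantine_dumps(WEB_BACKUP_DIR, SAFE_BACKUP_DIR):
        print(f"moved {dest.name} out of the web root to {dest}")
```

Run it from cron under the same user that owns the backup directory; it only touches files matching the dump naming pattern, so the zipped archives and any other files are left alone.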