I found a security hole in Confixx. A malicious backup request via the webinterface might be used by any user to read files located in /root (which is the default installation directory of confixx).
The most interesting files you can retrieve with this attack are: /root/confixx/safe/shadow.tmp /root/confixx/safe/shadow_header These files are used to build /etc/shadow, i.e. they contain all (encrypted) passwords used on this host.
SWSoft has been informed yesterday at 22:30 (CET).
If you are using confixx, you should disable the backup script.
