Summary
FOG Server 1.5.10.41.4 can leak authorized and rejected logins via logs stored directly on the root of the web server.
Details
FOG Server writes two log files directly to the root of its web directory (fog_login_accepted.log and fog_login_failed.log). Because they sit inside the document root, the web server serves them like any other file, exposing the name of the user account used to manage FOG, the IP address of the computer the login came from, and its User-Agent.
PoC
You should see this :
(screenshots not reproduced here)
Impact
All administrators managing FOG Server: their account names, source IP addresses and User-Agents are disclosed to anyone who can fetch the two log files from the web server.
Fast patch :
#!/bin/bash
# Run as root on the FOG server. .fogsettings is written by the FOG installer
# and defines docroot and webroot, which together point at the web directory.
if [[ ! -f /opt/fog/.fogsettings ]]; then
    echo "Error: /opt/fog/.fogsettings not found."
    exit 1
fi
source /opt/fog/.fogsettings
if [[ -z "${docroot}${webroot}" ]]; then
    echo "Error: no FOG installation detected on this server."
    exit 1
fi
# Create both logs up front, then make them write-only for their owner (0200):
# the web server user can still append login events but can no longer read,
# and therefore no longer serve, the files. www-data is the Debian/Ubuntu web
# server user; adjust it (e.g. apache) on other distributions.
touch "${docroot}${webroot}fog_login_accepted.log"
touch "${docroot}${webroot}fog_login_failed.log"
chmod 0200 "${docroot}${webroot}fog_login_accepted.log"
chmod 0200 "${docroot}${webroot}fog_login_failed.log"
chown www-data:www-data "${docroot}${webroot}fog_login_accepted.log"
chown www-data:www-data "${docroot}${webroot}fog_login_failed.log"
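A verification script to confirm the fast patch took effect, added here as an example (it is not FOG project code and not part of the advisory); it assumes GNU stat and the same docroot/webroot variables from /opt/fog/.fogsettings that the patch uses.

```shell
#!/bin/bash
# Added check script, not FOG project code: reports whether the two login logs
# named in the advisory are still readable by the web server user. Assumes GNU
# stat (-c '%a') and the docroot/webroot variables from /opt/fog/.fogsettings.

# Return 0 (true) when the file exists and any read bit is set. The web server
# owns the logs, so even an owner-only read bit lets it serve them; the fast
# patch's 0200 mode clears all three read bits.
log_is_readable() {
    f="$1"
    [ -e "$f" ] || return 1                 # absent: nothing to leak yet
    mode=$(stat -c '%a' "$f") || return 1
    [ $(( 0$mode & 0444 )) -ne 0 ]          # octal arithmetic: test the r bits
}

# Check both logs from the advisory. Takes a settings file path (defaults to
# the real one) so it can be pointed at a copy. Exit status: 0 = no log is
# readable, 1 = at least one log is exposed, 2 = settings file missing.
check_fog_logs() {
    settings="${1:-/opt/fog/.fogsettings}"
    [ -f "$settings" ] || { echo "no FOG settings at $settings" >&2; return 2; }
    # shellcheck disable=SC1090
    . "$settings"
    exposed=0
    for name in fog_login_accepted.log fog_login_failed.log; do
        path="${docroot}${webroot}${name}"
        if log_is_readable "$path"; then
            echo "EXPOSED: $path is readable (mode $(stat -c '%a' "$path"))"
            exposed=$((exposed + 1))
        else
            echo "ok: $path is absent or write-only"
        fi
    done
    [ "$exposed" -eq 0 ]
}
```

Source the script and run `check_fog_logs` on the FOG server; a non-zero exit status means at least one log is still readable and the patch should be re-applied.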