Fwd: [Gnump3d-users] Security Hole found in gnump3d

[Joshua Zimler]

Forgot to include this to the mailing list.

---------- Forwarded message ----------
From: Joshua Zimler <address@hidden
>
Date: Nov 1, 2007 10:46 PM
Subject: Re: [Gnump3d-users] Security Hole found in gnump3d
To: Ryan Hanna <address@hidden>

Here's my file:

address@hidden:~$ cat /usr/share/gnump3d/Tabular/error.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "

http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
" xml:lang="en" lang="en">
<head>
$META
<title>GNUMP3d :: $TITLE </title>
<meta name="description" content="CSS techniques to demonstrate pure CSS tabbed navigation menu" />
<meta name="keywords" content="" />

<style type="text/css">
body {margin: 0;
padding: 0;
background: #CACCB4;
font: 1em/1.7em arial, sans-serif; }

pre {text-indent: 30px;}

#banner {position: absolute;
top: 0;
left: 0;
height:50px;
width: 99%;
padding: 0;
margin: 0 1px;
border: 4px solid black;
color: black;
background: #ABAD85;
z-index: 5;}
body>#banner {position: fixed;}

#banner h1 {margin: 0;
padding: 5px;}

#tabmenu {color: #000;
position: absolute;
top: 52px;
padding: 0px;
z-index: 10;
margin-left: 15px;}
body>#tabmenu {position: fixed; top: 34px;}
head:first-child+body #tabmenu {top: 36px;} /*only mozilla*/

#tabmenu li {display: inline;
overflow: hidden;
list-style-type: none;}

#tabmenu a, a.active {color: #DEDECF;
background: #898B5E;
font-size: 0.8em;
font-weight: bold;
border: 3px solid black;
padding: 2px;
margin: 2px;
text-decoration: none;}

#tabmenu a.active {background: #ABAD85;
border-top: 3px solid #ABAD85; z-index: 30;}

#tabmenu a:hover {color: #fff;
background: #ADC09F;}

#tabmenu a:visited {color: #E8E9BE;}

#tabmenu a.active:hover {background: #ABAD85;
color: #D3DBCB;}

#content {background: #CACCB4;
font: 0.8em "Trebuchet MS", arial, sans-serif;
height: auto;
text-align: justify;
padding: 100px 70px 0px 70px;
z-index: 0;}

#content a {text-decoration: none;
color: #86862D;}

#content a:hover {background: #ADC09F;}
</style>

</head>

<body>

<div id="banner">
<h1>GNUMP3d v$RELEASE</h1>
</div>

<div id="content">

<table border="0" cellpadding="0" cellspacing="5" width="100%" bgcolor="#000000">
<tr><td>
<table border="0" cellpadding="0" cellspacing="0" width="100%" bgcolor="#eaecef">
<tr bgcolor="#d1d5d7"><td colspan="7" align="center"><h3>Error</h3></td></tr>
<tr><td>
$ERROR_MESSAGE
</td></tr>
</table>
</td></tr>
</table>

<p>&nbsp;</p>

On 11/1/07, Ryan Hanna <address@hidden> wrote:

Cool thanks.  I am running it on ubuntu server with no gui, and using the templates for the pages.  Do you know which part I have to remove from the error.html template to remove just the links?

 

---

From: Joshua Zimler [mailto:address@hidden]
Sent: Thursday, November 01, 2007 10:24 PM
To: Ryan Hanna
Subject: Re: [Gnump3d-users] Security Hole found in gnump3d

 

Actually, you don't even need to try three times, you just need to click "cancel" when you're prompted for a password.


I fixed it by simply removing the links on the html file on my computer. 

On 11/1/07, Ryan Hanna <address@hidden> wrote:

I found a security hole in the gnump3d service for ubuntu.  If you try and log in three times it takes you to a page that says you access has been restricted due to too many login attempts.  It still however shows the tool bar to the left side with all of the links.  The home link is inactive, however, all other tabs are still accessible.  You can actually go to the playlists tab, create your own and download music from the music archive.

 

Has anyone else experienced the same issue?  Anyone know a quick fix?

 

 

_______________________________________________
Gnump3d-users mailing list
address@hidden
http://lists.gnu.org/mailman/listinfo/gnump3d-users