|
Bugtraq
mailing list archives
Re: Eserv 2.50 Web interface Server Directory Traversal Vulnerability
From: andrey () CHEREZOV KOENIG SU (Andrey Cherezov)
Date: Tue, 9 Nov 1999 00:19:36 +0200
Hello!
It was surprise for me - Windows allow to open the file
with name "wwwroot\--\..\..\conf\Eserv.ini"
when folder "--" not exists. Seems this is Windows bug, not my,
but I forced to fix Eserv. (Already fixed in the Eserv build 2841)
Thank you again!
----- Original Message -----
From: Ussr Labs <labs () USSRBACK COM>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Friday, November 05, 1999 2:17 AM
Subject: Eserv 2.50 Web interface Server Directory Traversal Vulnerability
Eserv 2.50 Web interface Server Directory Traversal Vulnerability
Product:
Eserv/2.50 is the complete solution to access Internet from LAN:
- Mail Server (SMTP and POP3, with ability to share one mailbox
on the ISP, aliases and mail routing support)
- News Server (NNTP)
- Web Server (with CGI, virtual hosts, virtual directory support,
web-interface for all servers in the package)
- FTP Server (with virtual directory support)
- Proxy Servers
* FTP proxy and HTTP caching proxy
* FTP gate
* HTTPS proxy
* Socks5, Socks4 and 4a proxy
* TCP and UDP port mapping
* DNS proxy
- Finger Server
- Built-in scheduler and dialer (dial on demand,
dialer server for extern agents, scheduler for any tasks)
PROBLEM
UssrLabs found a Eserv Web Server Directory Traversal Vulnerability
Using the string '../' in a URL, an attacker can gain read access to
any file outside of the intended web-published filesystem directory
There is not much to expand on this one....
Example:
http://127.1:3128/../../../conf/Eserv.ini to show all configuration file
including
account names
Vendor Status:
no contacted
Vendor Url: http://www.eserv.ru/
Program Url: http://www.eserv.ru/eserv/
Credit: USSRLABS
SOLUTION
Nothing yet.
 By Date 
By Thread
Current thread:
|
Intro
