Home page logo
/

bugtraq logo Bugtraq mailing list archives

Redhat Stronghold Secure Server File System Disclosure Vulnerabil ity
From: Bernard Margelin <bernard.margelin () vigilante com>
Date: Fri, 23 Nov 2001 18:47:04 +0100

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Redhat Stronghold Secure Server File System Disclosure Vulnerability
Advisory Code: VIGILANTE-2001002
Release Date: November 23, 2001

Systems affected:
Stronghold/3.0 Apache/1.3.19 RedHat/3014 (Unix) PHP/3.0.18
mod_ssl/2.8.1 OpenSSL/0.9.6 mod_perl/1.25 

Systems not affected:
Stronghold/3.0 build 3015 

The problem:
In Redhat Stronghold from versions 2.3 up to 3.0 a flaw exists that
allows a remote attacker to disclose sensitive system files including
the httpd.conf file, if a restricted access to the server status
report is not enabled when using those features.
This may assist an attacker in performing further attacks.

By trying the following urls, an attacker can gather sensitive
information :
http://target/stronghold-info will give information on configuration
http://target/stronghold-status will return among other information
the list of request made

Please note that this attack can be performed after a default
installation. The vulnerabiliy seems to affect all previous version
of Stonghold.

Vendor status:
Stronghold was contacted October 30, 2001 and answered the same day.
2 days later, they told us that they would release a patch soon. The
patch was finally released November 19, 2001.

Vulnerability Assessment:
A test case to detect this vulnerability was added to SecureScan NX
in the upgrade package of November 23, 2001. You can see the
documentation of this test case 17227 on SecureScan NX web site at
http://securescannx.vigilante.com/tc/17227 

Fix:
Installing Stronghold/3.0 build 3015 will solve the problem. 

CVE:
Common Vulnerabilities and Exposures group ( reachable at
http://cve.mitre.org/ ) was contacted to get a candidat number. 

Credit:
This vulnerability was discovered by Madalina Andrei and Reda
Zitouni, members of our Security Watch Team at Vigilante. We wish to
thank Stronghold for their fast answer to fix this problem. 

Copyright VIGILANTe.com, Inc. 2001-11-23

Disclaimer:
The information within this document may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences
whatsoever arising out of or in connection with the use or spread of
this information. Any use of this information lays within the user's
responsibility.

Feedback 
Please send suggestions, updates, and comments to isis () vigilante com 

VIGILANTe Vulnerability Disclosure Policy:
http://www.vigilante.com/inetsecurity/advisories/vulnerability_disclos
ure_policy.htm

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBO/6LmFc0qcp4Y4PuEQJR6gCgs3CqnGKQq9pEUfIJmEZvz2ERZCEAoOZq
O/B029dfrPDPjR6euRLIU3qh
=2u8C
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • Redhat Stronghold Secure Server File System Disclosure Vulnerabil ity Bernard Margelin (Nov 23)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]