Home page logo

bugtraq logo Bugtraq mailing list archives

New getAccess[tm] Vulnerability
From: "rudi carell" <rudicarell () hotmail com>
Date: Mon, 05 Nov 2001 14:17:14

Good Morning Listmembers,

this is another posting(see 1st here http://www.securityfocus.com/bid/3109)
about Entrust s "getAccess[tm]" product

Problem Description:

"getAccess[tm]" (still) uses default shellscripts which start java-classes
for their web-applications.

due to missing input-validation it is possible to read files with getAccess
s permissions on the "getaccess"-machine. (only works in combination with
other input fields as described below)
in connection with config- and other files this can lead to a
total server-compromise(dont ask me how:-).


a HTTP-request to:

with the following parameters:
&locale= [relative FILE/PATH] [Nullbyte/0x00] [Backslash/0x5c]

... will lead to disclosure of [FILE/PATH]

Config-Filelist(depends heavily on config .. and can be found 2 trav s back



object: (helpwin.gas.bat  cgi-shell-scripts)

class: Reffering to OWASP-IV (Input Validation Classes)

Directory Traversal (IV-DT-1)
Null Character (IV-NC-1)
Meta Character (IV-MC-1)

remote: yes
local: ---

vendor: hast been informed with seperate e-mail
(security () entrust com/entrust () entrust com)

patch/fix: is already availiable and will be posted by entrust here today.

recomannded fix: sanitize meta-characters from user-input

personal remark: using shell-scripts for security-related software has
always been dangerous!!!

nice day,


security () freefly com
rudicarell () hotmail com

check out the brandnew Open Web Application Security project

Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

  By Date           By Thread  

Current thread:
  • New getAccess[tm] Vulnerability rudi carell (Nov 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]