Home page logo
/

bugtraq logo Bugtraq mailing list archives

Mrtg Path Disclosure Vulnerability (Revised)
From: "Tamer Sahin" <ts () securityoffice net>
Date: Wed, 6 Feb 2002 00:30:19 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*/This is Mrtg Web Frontend 14all.cgi bug. You may find the revised
security announcement below/*

Mrtg/RRD 14all.cgi Path Disclosure Vulnerability

Type:
Input Validation Error

Release Date:
February 4, 2002

Product / Vendor:
14all.cgi is a CGI script to create html pages and graphics for Mrtg.

http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg-rrd.html

Summary:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg/RRD
14all.cgi script.

http://host/mrtg.cgi?cfg=blabla

Tested:
Mrtg/RRD 14all.cgi v1.1p15

Vulnerable:
Mrtg/RRD 14all.cgi v1.1p15

And may be other.

Demonstration:
http://barnes.bloomu.edu/cgi-bin/mrtg.cgi?cfg=blabla

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:
Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPGBc+buLpFMrXtywEQJRLACfQ6sMmsTi4fD3PG3p7AFDxmo3XogAnj58
fnyk5QpMwxQQ7WBFTQ/w+fj+
=rxm+
-----END PGP SIGNATURE-----





  By Date           By Thread  

Current thread:
  • Mrtg Path Disclosure Vulnerability (Revised) Tamer Sahin (Feb 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault