Eserv 2.50 Web interface Server Directory Traversal Vulnerability

From: Ussr Labs (labsat_private)
Date: Thu Nov 04 1999 - 16:17:12 PST

Next message: Thomas Dullien: "Re: More Alibaba Web Server problems..."

Previous message: Thomas Biege: "Re: hylafax-4.0.2 local exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Eserv 2.50 Web interface Server Directory Traversal Vulnerability

Product:

Eserv/2.50 is the complete solution to access Internet from LAN:

- Mail Server (SMTP and POP3, with ability to share one mailbox
  on the ISP, aliases and mail routing support)
- News Server (NNTP)
- Web Server (with CGI, virtual hosts, virtual directory support,
  web-interface for all servers in the package)
- FTP Server (with virtual directory support)
- Proxy Servers
  * FTP proxy and HTTP caching proxy
  * FTP gate
  * HTTPS proxy
  * Socks5, Socks4 and 4a proxy
  * TCP and UDP port mapping
  * DNS proxy
- Finger Server
- Built-in scheduler and dialer (dial on demand,
  dialer server for extern agents, scheduler for any tasks)

PROBLEM

UssrLabs found a Eserv Web Server Directory Traversal Vulnerability
Using the string '../' in a URL, an attacker can gain read access to
any file outside of the intended web-published filesystem directory

There is not much to expand on this one....

Example:

http://127.1:3128/../../../conf/Eserv.ini   to show all configuration file
including
account names


Vendor Status:
no contacted

Vendor   Url: http://www.eserv.ru/
Program Url: http://www.eserv.ru/eserv/

Credit: USSRLABS

SOLUTION

    Nothing yet.

Next message: Thomas Dullien: "Re: More Alibaba Web Server problems..."
Previous message: Thomas Biege: "Re: hylafax-4.0.2 local exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:09:45 PDT