Hello!

It was a surprise for me: Windows allows opening a file with the name "wwwroot\--\..\..\conf\Eserv.ini" when the folder "--" does not exist. It seems this is a Windows bug, not mine, but I was forced to fix Eserv. (Already fixed in Eserv build 2841.)

Thank you again!

----- Original Message -----
From: Ussr Labs <labsat_private>
To: <BUGTRAQat_private>
Sent: Friday, November 05, 1999 2:17 AM
Subject: Eserv 2.50 Web interface Server Directory Traversal Vulnerability

> Eserv 2.50 Web interface Server Directory Traversal Vulnerability
>
> Product:
>
> Eserv/2.50 is the complete solution to access Internet from LAN:
>
> - Mail Server (SMTP and POP3, with ability to share one mailbox
>   on the ISP, aliases and mail routing support)
> - News Server (NNTP)
> - Web Server (with CGI, virtual hosts, virtual directory support,
>   web-interface for all servers in the package)
> - FTP Server (with virtual directory support)
> - Proxy Servers
>   * FTP proxy and HTTP caching proxy
>   * FTP gate
>   * HTTPS proxy
>   * Socks5, Socks4 and 4a proxy
>   * TCP and UDP port mapping
>   * DNS proxy
> - Finger Server
> - Built-in scheduler and dialer (dial on demand,
>   dialer server for extern agents, scheduler for any tasks)
>
> PROBLEM
>
> UssrLabs found an Eserv Web Server Directory Traversal Vulnerability.
> Using the string '../' in a URL, an attacker can gain read access to
> any file outside of the intended web-published filesystem directory.
>
> There is not much to expand on this one....
>
> Example:
>
> http://127.1:3128/../../../conf/Eserv.ini to show all configuration file
> including account names
>
> Vendor Status:
> not contacted
>
> Vendor Url: http://www.eserv.ru/
> Program Url: http://www.eserv.ru/eserv/
>
> Credit: USSRLABS
>
> SOLUTION
>
> Nothing yet.
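An added example, not part of the original messages and not Eserv's code: a web-root containment check that collapses `..` lexically, the behaviour the reply describes for Windows (the `--` folder need not exist), and only then tests whether the result is still under the root. The install path `C:\Eserv\wwwroot` and the function names are assumptions; `ntpath` is used so the Windows path rules apply on any platform.

```python
import ntpath
from urllib.parse import unquote

# Constructed install location (assumption, not taken from the advisory).
WEB_ROOT = r"C:\Eserv\wwwroot"


def collapse(path):
    """Lexically collapse '.' and '..' without touching the filesystem.

    'name\\..' cancels out whether or not 'name' exists, which is why
    'wwwroot\\--\\..\\..\\conf\\Eserv.ini' leaves the web root.
    """
    return ntpath.normpath(path)


def resolve_under_root(url_path, root=WEB_ROOT):
    """Map a URL path to a file path, or return None if it escapes root."""
    decoded = unquote(url_path)              # handle %2e%2e and %5c forms
    if "\x00" in decoded:
        return None
    # Windows accepts both separators, so treat them identically.
    rel = decoded.replace("/", "\\").lstrip("\\")
    # A drive prefix ('C:...') would make join() discard the root entirely.
    if ntpath.splitdrive(rel)[0]:
        return None
    candidate = collapse(ntpath.join(root, rel))
    # Compare case-insensitively, and on a separator boundary so that
    # a sibling such as 'wwwroot2' does not pass as being under 'wwwroot'.
    cand_key = ntpath.normcase(candidate)
    root_key = ntpath.normcase(collapse(root))
    if cand_key != root_key and not cand_key.startswith(root_key + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests: the advisory's URL path, the reply's '--' form,
    # a percent-encoded variant, and two legitimate paths.
    for req in ["/../../../conf/Eserv.ini", r"/--\..\..\conf\Eserv.ini",
                "/%2e%2e/%2e%2e/conf/Eserv.ini", "/index.html",
                "/docs/../index.html"]:
        print(f"{req!r:40} -> {resolve_under_root(req)}")
```

The check runs on the normalized path, after decoding, rather than searching the raw request for `../`, so every spelling that the operating system would collapse is evaluated in its final form.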