----- Begin Hush Signed Message from joetestaat_private -----

Vulnerability in Viking Web Server

Overview

Viking v1.07 is a 'multi-protocol-internet-server' available from http://www.robtex.com. A vulnerability exists in the web server that allows a remote user to break out of the web root using relative paths (i.e., '...').

Details

The following URL can be used to demonstrate the problem:

http://localhost/\...\[file outside of web root]

Solution

The vendor, RobTex, has issued a beta version which fixes the problem. It is available at:

http://www.robtex.com/viking/dl.htm

Vendor Status

RobTex was contacted via <robbanat_private> on Saturday, April 21, 2001. A prompt response stating that the vulnerability was fixed was received the next day.

- Joe Testa

e-mail: joetestaat_private
web page: http://hogs.rit.edu/~joet
AIM: LordSpankatron

This message has been signed with a Hush Digital Signature.
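A server-side check for the relative-path form shown under Details, as an added example that is not part of the original advisory and is not RobTex's fix. The web root, function names and sample requests are constructed, and refusing every dot-only path segment is a conservative policy assumed here, not behaviour documented for Viking.

```python
import ntpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = r"C:\viking\wwwroot"  # constructed example path, not from the advisory


def naive_is_safe(url_path: str) -> bool:
    """Weak filter, shown for contrast: only looks for the classic '../'."""
    return "../" not in url_path


def resolve_request_path(url_path: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Map a URL path to a file under web_root, or return None to refuse it."""
    decoded = unquote(url_path)              # decode %5c, %2e, ... exactly once
    if "\x00" in decoded or ":" in decoded:  # NUL bytes, drive letters, streams
        return None
    # Treat both separators alike: the advisory's URL uses backslashes.
    segments = [s for s in decoded.replace("\\", "/").split("/") if s]
    for seg in segments:
        # Refuse '.', '..', '...' and longer runs (with or without spaces)
        # rather than guessing how the platform will interpret them.
        if seg.strip(". ") == "":
            return None
    root = ntpath.normpath(web_root)
    candidate = ntpath.normpath(ntpath.join(root, *segments))
    # Final containment check on the normalized, case-folded result.
    c, r = ntpath.normcase(candidate), ntpath.normcase(root)
    if c != r and not c.startswith(r + "\\"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests; 'secret.txt' stands in for any outside file.
    for req in ["/index.html", "/\\...\\secret.txt", "/..%5c..%5csecret.txt"]:
        print(f"{req!r}: naive={naive_is_safe(req)} "
              f"resolved={resolve_request_path(req)!r}")
```

The naive filter passes the advisory's `\...\` form because the request contains no `../`, while the segment-based check refuses it before the path ever reaches the file system.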
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 15:34:12 PDT