[SNS Advisory No.39] WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability

From: snsadvat_private
Date: Tue Aug 21 2001 - 15:35:51 PDT

Next message: Fabian Melzow: "improper use of netfilter MIRROR target can cause DoS"

Previous message: Paul Millar: "IrDA semiremote vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----------------------------------------------------------------------
SNS Advisory No.39
WinWrapper Professional 2.0 Remote Arbitrary File Disclosure
Vulnerability

Problem first discovered: Mon, 16 Jul 2001
Published: Mon, 20 Aug 2001
----------------------------------------------------------------------

Overview:
---------
WinWrapper Professional 2.0 is a firewall software. It provides Web-based
remote console. This console contains a vulnerability to allow
attacker to read arbitrary files.

Problem Description:
--------------------
WinWrapper Professional 2.0 is a firewall software which is developed 
by ASCII NT, INC. It is designed to protect WindowsNT/2000 systems,
and provides additional Web-based capability of remote administration.
But the program which is used as remote administration server contains
a vulnerability. It is possible to read arbitrary files on the target
system with Local System context.

Ex.
http://>:4096/../../../winnt/repair/sam

note:
4096 is the port number used by default.

Tested Version:
---------------
WinWrapper Professional 2.0 Ver.2.0.0

Tested OS:
----------
Windows 2000 Server + SP2 [Japanese]

Patch Information:
------------------
Fixed module (Ver.2.0.1) is available on following URL:

http://www.tsc.ant.co.jp/products/download.htm

Discovered by:
--------------
ARAI Yuu (LAC / y.araiat_private)

Disclaimer:
-----------
All information in these advisories are subject to change without any 
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.

References
----------
Archive of this advisory(in preparation now):
	http://www.lac.co.jp/security/english/snsadv_e/39_e.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadvat_private>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/

Next message: Fabian Melzow: "improper use of netfilter MIRROR target can cause DoS"
Previous message: Paul Millar: "IrDA semiremote vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 16:39:15 PDT