Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)

From: Tamer Sahin (tsat_private)
Date: Fri Jan 11 2002 - 06:30:48 PST

Next message: Rodent of Unusual Size: "Re: autoresponder program could be tricked by spamers to send unsolicitedmail to victim's address (fwd)"

Previous message: Simon Dick: "Re: Handspring Visor D.O.S"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There two ways to solve this problem in Eserv:

1) Add "./" string to the AccessRights in Eserv with zero rights.

2) Install Eserv.exe update, it will block "./" access.
ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3119.zip

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA+AwUBPD73F7uLpFMrXtywEQLC0ACfTSznBfaxCPmp74yizQFlyXBgWZoAmJqu
KTLbiTNEI8R1kueD661l3Ic=
=1Lia
-----END PGP SIGNATURE-----

Next message: Rodent of Unusual Size: "Re: autoresponder program could be tricked by spamers to send unsolicitedmail to victim's address (fwd)"
Previous message: Simon Dick: "Re: Handspring Visor D.O.S"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 15:09:05 PST