[VulnWatch] [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware

From: ET LoWNOISE (etat_private)
Date: Sat Sep 28 2002 - 22:03:23 PDT

    [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware
    by Efrain 'ET' Torres, Colombia 2002.
       etat_private
    
    
    +Disclaimer: blah.
    
    
    +Product: -SunONE Starter Kit v2.0   (Sun Microsystems)
    	   CD-ROM Version
              -ASTAware SearchDisk 2002. (ASTAWARE Technologies Inc.)
    
    +Introduction	
    
    You are one of many, many people who have received the latest 
    Sun Microsystems SunONE Starter Kit. To Use it EASILY you need to
    install a search engine:
    
    "The Sun ONE Starter Kit (CDROM version) content spans several CDs and
    browsed using a web browser and a search engine that is launched prior
    to using the CDs. The search engine allows the user to search through
    html documents located on all the CDs. It functions like a normal web
    search engine. The only difference is that it is used to search CDROMs.
    The search engine also aids in multi-CD navigation by prompting users to
    insert the correct CD when a link being followed points to another CD."
    
       "Without the search engine running, users won't be able to do searches
    as well as follow links that point to another CD."
                                  Taken from the Readme (CD1)
     
    
    +The Search Engine
    
    The Search engine is the ASTAware SearchDisk engine, made by ASTAware 
    Technologies inc. (astaware.com). It appears that this engine is a 
    modified version made for the SunONE Starter Kit.
    
    +The Problem
    
    When you install the search engine it asks for the CD path (or, in the 
    Win version, the CD drive) and a temporary dir path. When you run the 
    SearchDisk program, you just browse the Kit with your browser using a 
    URL like this: 
    
       http://localhost:6017/only_files_included_in_the_CD_path.
    
    The search engine server does not only open TCP port 6017; it opens these ports:
    
    Server.cfg
    "Port - http service; used for Desktop Edition"  
    
    -6015 (LISTENING) 
    -6016 (LISTENING) 
    -6017 (LISTENING)
    -6018 (LISTENING) 
    
    Well, The SunONE Starter Kit says:  
    
    "You Hold the keys to begin unlocking the power of Sun(tm) ONE."
    The problem is that not only are you going to unlock the power of SunONE,
    you and EVERYBODY can unlock your entire Hard Drive!!! It is just a simple
    directory traversal bug. Just:
    
    +Exploit
    
    http://IP_OF_SOMEONE_USING_THE_SunONE_KIT:6015/../../../../../
    Access to the drive where the Astaware searchDisk is installed.
    
    http://IP_OF_SOMEONE_USING_THE_SunONE_KIT:6016/../../../../../
    Access to the drive where the temp dir is.
    (C:\ ?)
    
    The bug is so ________ (put any word here) that it is difficult to
    think that Sun Microsystems has shipped this kit everywhere with
    a buggy search engine. 
    
    Now you don't need a trojan to access the HD
    of everybody, just give them a SunONE starter kit. 
    "Get Knowledge"!!!!!
    
    And it's so easy to spot this bug.
    
    +THE Fix!
    
    Don't use your modem, or unplug your network interface, when you are 
    using the search engine in the SunONE kit...  
    
    +Comments
    
    ....no words.
    
    
    +Other stuff.
    
    http://SearchDisk:6017/etc/Password
    http://SearchDisk:6017/etc/Root
    ...
    
    +ThE END
    
    Efrain 'ET' Torres
    [LoWNOISE] Colombia 2002
    etat_private
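
Added example, not part of the original post and not ASTAware or Sun code: a sketch of the path check a local content server of this kind needs so that a request such as `/../../../../../` cannot leave the configured CD or temp directory. The function name `resolve_under_root`, the `LISTEN_ADDR` constant and the sample requests are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

# Assumption: a desktop-only service should listen on loopback, not on every
# interface, so that other hosts cannot reach it at all.
LISTEN_ADDR = ("127.0.0.1", 6017)


def resolve_under_root(root, url_path):
    """Map a request path to a file under root; return None if it would escape."""
    root_real = os.path.realpath(root)
    # Drop the query string, then decode percent-escapes BEFORE checking,
    # so that %2e%2e%2f is seen as ../ and not as a harmless-looking name.
    decoded = unquote(url_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None
    # On Windows a backslash is also a separator; treat both the same way.
    decoded = decoded.replace("\\", "/")
    parts = [p for p in decoded.split("/") if p not in ("", ".")]
    # Browsers resolve relative links before sending the request, so a ".."
    # segment or a drive letter ("C:") reaching the server is never legitimate.
    if any(p == ".." or ":" in p for p in parts):
        return None
    candidate = os.path.realpath(os.path.join(root_real, *parts))
    # realpath() follows symlinks, so a link inside root that points outside
    # is caught by the containment check as well.
    try:
        if os.path.commonpath([root_real, candidate]) != root_real:
            return None
    except ValueError:  # e.g. paths on different Windows drives
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests, including the shape shown in the advisory.
    for req in ["/index.html", "/../../../../../", "/%2e%2e/%2e%2e/etc/passwd",
                "/..\\..\\boot.ini", "/C:/boot.ini"]:
        verdict = "serve" if resolve_under_root("/mnt/cdrom", req) else "reject"
        print(f"{req!r:32} -> {verdict}")
```
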
    


