Message-ID: <20031209042949.10957.qmail@sf-www2-symnsj.securityfocus.com>
Date: 9 Dec 2003 04:29:49 -0000
From: Matthias Bethke <matthias.bethke@....net>
To: bugtraq@...urityfocus.com
Subject: BNCweb File Disclosure Vulnerability




BNCweb is a set of CGI scripts developed at the University of Zürich as a user-friendly query interface to the British National Corpus. It allows linguists to retrieve lexical, grammatical and textual data from this 100 million word collection of English texts using a web browser. For more information see http://homepage.mac.com/bncweb/home.html

BNCweb has been found prone to a file disclosure vulnerability that allows attackers to read any file accessible to the CGI user (typically "wwwrun") anywhere in the server's file systems by supplying a trivially manipulated URL to the query script. This includes web server and system password files, opening the door for further compromises. However, exploitation requires access to the script itself, which in a correctly installed system is protected by the web server's access control mechanism, thus only registered users are able to carry out an attack.

The reason for this vulnerability is a piece of obsolete code left over from a development version. As a quick fix, the author suggests removing lines 23 to 25 in the BNCquery.pl script. This has no effect on the script's normal functionality.

