Message-ID: <200605100308.k4A38ceJ003743@cairo.mitre.org>
Date: Tue, 9 May 2006 23:08:38 -0400 (EDT)
From: "Steven M. Christey" <coley@...re.org>
To: bugtraq@...urityfocus.com
Subject: Re: tseekdir.cgi<--Local File Include



>found by: BoNy-m

Also apparently found by durito in September 2004, as identified in
the Turbo Seek product.

> /tseekdir.cgi?id=1055&location=/etc/passwd%00

This is the same exploit vector as what was reported in Secunia
SA12500 and BID 11163:

  http://www.securityfocus.com/bid/11163/exploit
  http://secunia.com/advisories/12500/

and claimed by Secunia to be fixed in 1.7.2.

> /tseekdir.cgi?location=/../../../../etc/passwd%00

The use of ".." seems to be a new attack that IDS people might want to
note, but in my experience, you can't be sure whether this is
exhibiting a distinct bug from the absolute path issue that was already
mentioned (one of the fun things about path traversal in general).
However, this would require testing against 1.7.2 or later versions
(since fixes for absolute path issues might still allow ".."
variants).

- Steve

P.S. to moderator - feel free to privately ask me to shut up about all
these errors, I swear I only comment on a small percentage of them :)
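
An added illustration, not part of the original post or of Turbo Seek: one way an IDS or log-review rule could tell apart the two request forms quoted above, by reporting absolute-path, ".." and NUL-byte indicators in the `location` parameter independently. The function names and the two benign sample requests are constructed for this example.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

# Constructed sample requests (not real log data). The first two are the
# query strings quoted in the post; the last two are benign cases.
SAMPLE_REQUESTS = [
    "/tseekdir.cgi?id=1055&location=/etc/passwd%00",
    "/tseekdir.cgi?location=/../../../../etc/passwd%00",
    "/tseekdir.cgi?id=1055&location=Computers",
    "/tseekdir.cgi?location=Arts..Crafts",  # ".." inside a name, not a segment
]

def fully_decode(raw: str, max_rounds: int = 3) -> bytes:
    """Percent-decode until the value stops changing, so matching is done
    on the bytes the CGI would finally see rather than on the wire form."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_rounds):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def classify_location(request: str, param: str = "location") -> set:
    """Return the path-abuse indicators present in one query parameter."""
    findings = set()
    # Split the query by hand so the raw (still encoded) value is inspected.
    for pair in urlsplit(request).query.split("&"):
        name, _, raw = pair.partition("=")
        if name != param:
            continue
        value = fully_decode(raw)
        if b"\x00" in value:
            findings.add("null-byte")        # truncates a suffix added server-side
        if value.startswith((b"/", b"\\")):
            findings.add("absolute-path")    # the vector already on record
        if b".." in re.split(rb"[/\\]", value):
            findings.add("dot-dot")          # the variant noted for IDS rules
    return findings

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(sorted(classify_location(req)), req)
```

Reporting the indicators separately matters here because a rule keyed only on a leading "/" would still match the second request, and so would not show whether a fix for absolute paths also stops the ".." form.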

