Message-ID: <3D8F442F.9992.1EC85A1@localhost>
From: dendler at idefense.com (David Endler)
Subject: iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
iDEFENSE Security Advisory 09.23.2002
Directory Traversal in Dino's WebServer
DESCRIPTION
A vulnerability exists in the latest version of Dino's Webserver that
can allow an attacker to view and retrieve any file on the system.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-1133 to this issue.
ANALYSIS
An attacker can construct a URL that causes Dino's Webserver to
navigate to any folder on the same logical drive and access the files
in it. This is achieved by using the URL-encoded character
representations of "/" and "\" in place of the literal characters,
which allows a user to traverse the server to any directory on the
same logical drive as the web application, e.g.
http://$host/%2f..%2f..%2f..$directory$file
This issue is similar to CVE-2002-0111, which involved a traditional
".." directory traversal flaw that was fixed.
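The encoded-separator bypass described above, as an added example that is not from the advisory or from Dino's Webserver: a naive check of the kind that rejects only a literal ".." segment (the sort of fix CVE-2002-0111 received) beside a normalising check that decodes the request path before confining it to a document root. The document root, request paths and file names are constructed for the example.

```python
"""Added example: why a literal ".." check misses %2f/%5c traversal, and a
normalise-then-confine check that catches it. Not code from the advisory."""
from typing import Optional
from urllib.parse import unquote
import posixpath

DOC_ROOT = "/srv/www/htdocs"  # constructed document root for the example


def naive_is_safe(raw_path: str) -> bool:
    """Reject only a literal '..' segment in the raw request path.

    This is the shape of check that stops "/../../x" but lets the encoded
    form "%2f..%2f..%2fx" straight through: split on "/" never sees "..".
    """
    return ".." not in raw_path.split("/")


def resolve_request_path(raw_path: str) -> Optional[str]:
    """Map a request path onto the filesystem, confined to DOC_ROOT.

    Returns the resolved path, or None when the request escapes the root.
    Percent-decoding happens before normalisation so "%2f", "%5c" and
    "%2e%2e" are seen for what they are; backslashes are treated as
    separators because the affected server ran on Windows.
    """
    # Decode exactly once: decoding in a loop would create a double-encoding
    # problem in the other direction (treating "%252e" as ".").
    decoded = unquote(raw_path).replace("\\", "/")
    # Join onto the root, then collapse "..", "." and duplicate separators.
    candidate = posixpath.normpath(
        posixpath.join(DOC_ROOT, decoded.lstrip("/")))
    if candidate != DOC_ROOT and not candidate.startswith(DOC_ROOT + "/"):
        return None  # normalised path left the document root
    return candidate


if __name__ == "__main__":
    # Constructed request paths, including the advisory's encoded pattern.
    for req in ("/index.html", "/../../windows/win.ini",
                "/%2f..%2f..%2f..%2fwindows%2fwin.ini", "/%5c..%5c..%5cboot.ini"):
        print(f"{req!r:45} naive={naive_is_safe(req)!s:5} "
              f"resolved={resolve_request_path(req)}")
```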
DETECTION
This vulnerability affects Dino's Webserver version 1.2.
VENDOR RESPONSE
The author Anders Jensen, outdoors@...cali.no, stated:
"My webserver will be removed from the downloads that I control, I
neither have the time nor resources to do anything else at the moment."
The public download site, http://home.no.net/~nextgen/, has been
replaced with a message reading "Dino's FunSoft is no longer
available. The software will maybe sometime in the future be available
on another label, but when and if for sure I really can't tell,
sorry. Dino_"
Dino's Webserver nevertheless remains available via many other
download sites, such as download.com.
DISCLOSURE TIMELINE
8/10/2002 - Disclosed to iDEFENSE
9/6/2002 - Disclosed to Vendor, Anders Jensen
9/6/2002 - Disclosed to iDEFENSE Clients
9/14/2002 - Vendor Response
9/23/2002 - Public Disclosure
CREDIT
This issue was exclusively disclosed to iDEFENSE by Tamer Sahin
(ts@...urityoffice.net).
Get paid for security research:
http://www.idefense.com/contributor.html
David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071
dendler@...fense.com
www.idefense.com