lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAA5jaRvb1n9rZboATMQyJiq8Dk0sKCst7NMAZ_Z4iY7p9G-5eQ@mail.gmail.com>
Date: Thu, 27 Nov 2014 11:02:34 +1300
From: DS MailingList <ds.mailinglist.x@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] FileVista < v6.0.8.0 Insecure zip file handling

Hi list,

FileVista is an IIS package which installs a file server onto Windows
Server systems. More information can be obtained from their website at
http://www.gleamtech.com/filevista.

CVE-2014-8788: The zip file handling routines in FileVista leaks internal
paths when users attempt to write a zip file to a path in which the
FileVista user account does not have Write access to. The internal path is
the path at which FileVista is installed onto
("c:\\inetpub\\wwwroot\\FileVista" by default).

CVE-2014-8789: The zip file extraction routine does not validate the stated
path of the extracted files. Malicious users may modify the contents of the
zip file to cause the constituent files to be extracted above the normal
zip file root path. In certain misconfigurations, this could cause the user
to write aspx files to the "wwwroot/FileVista" directory and execute
arbitrary code.

GleamTech has released a new version of the FileVista software (v6.1) which
addresses the above issues.

/DS

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists