RE: [Full-Disclosure] Novell WebAcces

From: Horseman, Michael W. (michael.horseman_at_capgemini.com)
Date: 01/07/05

  • Next message: Paul Starzetz: "Linux kernel sys_uselib local root vulnerability"
    Date: Fri, 7 Jan 2005 13:24:21 -0500
    To: <full-disclosure@lists.netsys.com>
    
    
    

    I think maybe you're seeing the directory traversal vulnerability
    identified in Groupwise. Groupwise 6 had this vulnerability as well as
    previous versions if I remember right.

    http://xforce.iss.net/xforce/xfdb/7287


    Thanks,

    Michael Horseman

    IT Security Analyst

    Capgemini

    michael.horseman@capgemini.com <mailto:michael.horseman@capgemini.com>

    w: 816.414.4925


    "Any sufficiently advanced technology is indistinguishable from magic."
    - Arthur C. Clarke

    ________________________________

    From: full-disclosure-bounces@lists.netsys.com
    [mailto:full-disclosure-bounces@lists.netsys.com] On Behalf Of noAcces
    Sent: Friday, January 07, 2005 3:42 AM
    To: full-disclosure@lists.netsys.com
    Subject: [Full-Disclosure] Novell WebAcces



    I was playing around when I found a small problem with Novell's
    WebAcces.
    With User.lang you can give in you're language as parameter I tried some
    different stuff there and when I tried "> so that the URL would be
    hxxp://www.notsohappyserver.com/servlet/webacc?User.Lang="> a Link
    apeared I clicked it and so I found some unprotected dirs.
    The problem is that the file
    hxxps://www.notsohappyserver/com/novell/webaccess/WebAccessUninstall.ini
    contains info about the servername context and install paths
    It seems that this is working on almost every webacces server.


    Kerst actie bij Lycos Mail: 50% korting op Lycos Xtra en Max!
    <http://mail.lycos.nl/?TARGETCODE=NL_email_footer_xmas>

    This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Paul Starzetz: "Linux kernel sys_uselib local root vulnerability"