Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)
From: Tamer Sahin (ts@SECURITYOFFICE.NET)Date: 01/11/02
- Previous message: Tamer Sahin: "Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Jan 2002 16:33:18 +0200 From: Tamer Sahin <ts@SECURITYOFFICE.NET> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There two ways to solve this problem in Eserv:
1) Add "./" string to the AccessRights in Eserv with zero rights.
2) Install Eserv.exe update, it will block "./" access.
ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3119.zip
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPD73rLuLpFMrXtywEQLbXwCdExDyl4KqQ7IFsRovf+OczlwUCzgAoJv3
fEeKRC9lmmBz92j05ymzL4Ej
=Fjfy
-----END PGP SIGNATURE-----
============================================================================
Delivery co-sponsored by VeriSign - The Internet Trust Company
============================================================================
FREE E-COMMERCE SECURITY INFRASTRUCTURE GUIDE
When building an e-commerce site, you want to start with a strong, secure
foundation. Learn how with VeriSign's FREE White Paper, "Building an
E-Commerce Trust Infrastructure." See how you can authenticate your site to
customers, use 128-Bit SSL encryption to secure your web servers, and accept
secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n116965650045000
============================================================================
- Previous message: Tamer Sahin: "Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
