[NT] EServ Password Protected File Arbitrary Read Access Vulnerability

From: support@securiteam.com
Date: 01/15/02


From: support@securiteam.com
To: list@securiteam.com
Date: Tue, 15 Jan 2002 09:38:51 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  EServ Password Protected File Arbitrary Read Access Vulnerability
------------------------------------------------------------------------

SUMMARY

 <http://www.eserv.ru/> EServ is a Mail, News, Web, FTP, and Proxy Server
for the Windows operating system. A vulnerability in the product allows
attackers to bypass password restrictions set on directories, allowing
them privileged access to administrative directories, or any other
directory that normal access would not be possible otherwise.

DETAILS

Vulnerable systems:
EServ version 2.97

The vulnerability allows you to view any password protected files and
folders on the web server.
http://host/./passwordprotected/

Example:
All services control panel.
http://host/./admin/

Solution:
There two ways to solve this problem in Eserv:

1) Add the "./" string to the AccessRights in Eserv with zero rights.
2) Install Eserv's update, it will block "./" access:
<ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3119.zip>
ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3119.zip

ADDITIONAL INFORMATION

The information has been provided by <mailto:tamer@ONAR.COM.TR> Tamer
Sahin.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [Full-Disclosure] eServ Memory Leak Solution
    ... the cause and solution of the eServ ... but cannot be exploited to cause major memory loss. ... eServ has had one other vulnerability, a buffer overrun in its virtual host ... I was also informed during discussions with the developer that the reason ...
    (Full-Disclosure)
  • eServ Memory Leak Solution
    ... the cause and solution of the eServ ... but cannot be exploited to cause major memory loss. ... eServ has had one other vulnerability, a buffer overrun in its virtual host ... I was also informed during discussions with the developer that the reason ...
    (Bugtraq)
  • Memory-leak vulnerability in EServ/3.00
    ... eServ includes Mail, News, Web, FTP and Proxy Servers. ... It's the most popular russian server. ... Several time ago similar vulnerability was founded in EServ/2.99 ...
    (Bugtraq)
  • Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability
    ... Eserv 2.97 Password Protected File Arbitrary Read Access ... The vulnerability allows you to view any password protected files and ... PGP Key ID: 0x2B5EDCB0 Fingerprint: ...
    (Bugtraq)
  • [EXPL] Apache Multiple Space Header DoS (Multi-Threaded Exploit)
    ... The exploit code below is another version of the Apache 2.0.52 DoS ... vulnerability published previously here: ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)