[UNIX] HNS's webif.cgi Allows Overwriting of Diary Content

From: support@securiteam.com
Date: 02/18/02


From: support@securiteam.com
To: list@securiteam.com
Date: Mon, 18 Feb 2002 22:23:20 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  HNS's webif.cgi Allows Overwriting of Diary Content
------------------------------------------------------------------------

SUMMARY

Hyper NIKKI System (HNS) <http://www.h14m.org/> is web diary software. A
security vulnerability in the product allows attackers to cause
webif.cgi to overwrite existing diary content even if the user does not
have the proper permissions to do so.

DETAILS

Vulnerable systems:
HNS version 2.10-pl1 and prior
HNS version 2.19.2 and prior

Immune systems:
HNS version 2.10-pl2
HNS version 2.19.3

There is a remote vulnerability in webif.cgi that allows remote attackers
to rewrite existing diary information.

This vulnerability only occurs if "direct mode" is enabled. By default,
"mail2nikki mode" is enabled, which is immune to this problem.

Workaround:
Switch to "mail2nikki mode" or "FTP mode" instead of the vulnerable
"direct mode".

Solution:
Upgrade to the latest stable HNS version 2.10-pl2, or alternatively to the
latest "current" HNS version 2.19.3.

ADDITIONAL INFORMATION

The information has been provided by the Hyper NIKKI System Project
<http://www.h14m.org/>.
