[UNIX] Aquonics File Manager Directory Traversal Vulnerability And Privilege Escalation

From: support@securiteam.com
Date: 08/21/02


From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 21 Aug 2002 19:40:08 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Aquonics File Manager Directory Traversal Vulnerability And Privilege
Escalation
------------------------------------------------------------------------

SUMMARY

 <http://www.aquonics.com/Premade/> Aquonics File Manager is a simple to
use script that allows you to control your files without the use of FTP.
Aquonics File Manager has been found to contain two security
vulnerabilities: a directory traversal vulnerability and a privilege
escalation vulnerability.

DETAILS

Vulnerable systems:
 * Aquonics File Manager version 1.5

There are two bugs:

Directory traversal in source.php
Accessing the following URL:
www.vulnerable.url/filemanager/source.php?../../../../etc/passwd

will allow an attacker to view the /etc/passwd file.

Privilege escalation
A user with the privilege to edit files can change the userlist.cgi file.
The userlist.cgi file contains MD5 hashes of passwords. This makes it
possible for a user without administrative privileges to manipulate user
accounts.
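
Both bugs come down to the script trusting a user-supplied path, so one server-side check addresses them together: canonicalize the path, confirm it stays under the managed directory, and refuse the account file. The following is an added example, not Aquonics code and not part of the original advisory. The function name resolve_managed_path, the directory layout, and the assumption that userlist.cgi sits inside the managed tree are hypothetical.

```php
<?php
// Added example, not Aquonics code. Assumption: the script receives a
// user-supplied relative path and serves or edits files under one base directory.

/**
 * Resolve $userPath under $baseDir, or return null when the request must be refused.
 * $protected lists file names that ordinary users may never read or edit.
 */
function resolve_managed_path(string $baseDir, string $userPath, array $protected = ['userlist.cgi']): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check: the canonical target must sit below the canonical base.
    // The trailing separator stops /srv/files-old from matching /srv/files.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Account data is off limits to the file view/edit feature, however the path is spelled.
    if (in_array(strtolower(basename($target)), $protected, true)) {
        return null;
    }
    return $target;
}

// Constructed demo tree in a temp directory (sample data, not from the advisory).
$root = sys_get_temp_dir() . '/fm_demo_' . getmypid();
mkdir($root . '/files/docs', 0700, true);
file_put_contents($root . '/files/docs/readme.txt', "hello\n");
file_put_contents($root . '/files/userlist.cgi', "constructed-user:constructed-hash\n");
file_put_contents($root . '/secret.txt', "outside the managed tree\n");

foreach (['docs/readme.txt', '../secret.txt', '../../../../etc/passwd', 'docs/../userlist.cgi'] as $req) {
    $path = resolve_managed_path($root . '/files', $req);
    printf("%-28s => %s\n", $req, $path === null ? 'REFUSED' : 'OK');
}
```

Only the first request resolves; the two traversal requests fail the containment check and the userlist.cgi request is refused by the protected-name check even though it stays inside the managed tree.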

ADDITIONAL INFORMATION

The information has been provided by <mailto:er4s3r at mail.ru> Eraser.
