[NT] Enceladus Server Directory Traversal Vulnerability

From: support@securiteam.com
Date: 12/12/02

    From: support@securiteam.com
    To: list@securiteam.com
    Date: 12 Dec 2002 18:23:02 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Enceladus Server Directory Traversal Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    Enceladus Server Suite <http://www.mollensoft.com/product3.htm> is a
    lightweight Internet/Intranet Web and FTP server for Windows that provides
    secure file sharing on any network. A security vulnerability in the
    product allows remote attackers to view the content of files residing
    outside the bounding HTML root directory.

    DETAILS

    Vulnerable systems:
     * Enceladus Server Suite version 2.6.1

    The web server contains a security flaw that allows attackers to traverse
    above the root directory and view/download files elsewhere on the system.

    Example:
    http://host/../
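
Added example (not part of the original advisory and not Enceladus code): the request-path handling that permits this class of flaw, next to a containment check that rejects it. WEB_ROOT, the function names and the sample requests are assumptions made for illustration; the check is a pure path computation, so a real server would also need to resolve symlinks on the filesystem.

```python
import posixpath
from pathlib import PurePosixPath
from typing import Optional
from urllib.parse import unquote, urlsplit

WEB_ROOT = PurePosixPath("/srv/www")  # assumed document root for this example

# Constructed sample requests: two legitimate, two that climb out of the root.
SAMPLE_REQUESTS = ["/index.html", "/docs/../index.html", "/../",
                   "/../www-private/notes.txt"]


def resolve_naive(url_path: str) -> PurePosixPath:
    """Flawed pattern: append the request path to the root and trust the result."""
    return PurePosixPath(posixpath.normpath(f"{WEB_ROOT}/{url_path}"))


def resolve_safe(url_path: str) -> Optional[PurePosixPath]:
    """Return the path inside WEB_ROOT, or None when the request escapes it."""
    # Decode once and unify separators *before* normalising, so the check
    # sees the same path the filesystem layer would see.
    decoded = unquote(urlsplit(url_path).path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    candidate = PurePosixPath(
        posixpath.normpath(f"{WEB_ROOT}/{decoded.lstrip('/')}"))
    # Compare path components, not string prefixes: "/srv/www-private"
    # starts with "/srv/www" as a string but is not inside the root.
    if candidate != WEB_ROOT and WEB_ROOT not in candidate.parents:
        return None
    return candidate


def audit(requests=SAMPLE_REQUESTS):
    """Map each request to (naive result, safe result) for comparison."""
    return {r: (str(resolve_naive(r)), resolve_safe(r)) for r in requests}


if __name__ == "__main__":
    for req, (naive, safe) in audit().items():
        print(f"{req!r:32} naive -> {naive:28} safe -> {safe}")
```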

    ADDITIONAL INFORMATION

    The information has been provided by Luca Ercoli
    <mailto:luca.ercoli@inwind.it>.
