[NT] Directory Traversal Found in silentThought Simple Web Server

• Previous message: SecuriTeam: "[NEWS] Nokia GGSN (IP650 Based) DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 12 Jun 2003 19:19:43 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

Latest attack techniques.

You're a pen tester, but is google.com still your R&D team?
Now you can get trustworthy commercial-grade exploits and the latest
techniques from a world-class research group.

Learn more at http://www.coresecurity.com/promos/sit_e1,
or call 617-399-6980

- - - - - - - - -

  Directory Traversal Found in silentThought Simple Web Server
------------------------------------------------------------------------

SUMMARY

 <http://www.silentthought.com/> silentThought Simple Web Server is "a
simple and easy to use web server that allows you to host your own web
site from home". A vulnerability in the product allows remote attackers to
view files that reside outside the bounding HTML root directory.

DETAILS

Vulnerable systems:
 * silentThought Simple Web Server version 1.0

Directory traversal:
Simply pointing to any of the below URLs:
http://10.10.10.1/../../winnt/repair/sam._
http://10.10.10.1/../../boot.ini

Will allow an attacker to access the SAM file or the boot.ini records (a
simple example).

ADDITIONAL INFORMATION

The information has been provided by <mailto:vulncode@yahoo.com> Ziv
Kamir.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[NEWS] Nokia GGSN (IP650 Based) DoS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

• Re: security? ? ?
  ... NASL (Nessus Attack Scripting Language) for coding up new vulnerability ...
  Thus a web server might have a policy something like: ... compromise your administrator
  workstations, or some router in some way to ... defacement might not be on the "home" page.
  ... (comp.os.linux.security)
• Re: Someone try to hack my machine?
  ... This is not a serious attack, but is simply a scan to see if your machine ...
  Apache too has its own vulnerabilities, and I advise you at least ... If tis Web server
  is intended for local users only, ... and it looks like these hackers are sending out same
  ... (comp.security.firewalls)
• [NEWS] myServer Vulnerable to Terminated Connection DoS
  ... Latest attack techniques. ... GNU gdb 5.0mdk-11mdk Linux-Mandrake 8.0
  ... There is absolutely no warranty for GDB. ... (Securiteam)
• [NT] Denial of Service Vulnerability in Xeneo Web Server
  ... The following security advisory is sent to the securiteam mailing list, and can be found at
  the SecuriTeam web site: http://www.securiteam.com ... Xeneo Web ... The
  condition is triggered when the web server receives a request ... attack URL: ...
  (Securiteam)
• RE: Need help to choose a security policy
  ... Firewall: ... < architecture (for example, you might have only one type of
  web server, ... pay attention to this attack. ... < Last but no least,
  if your IDS allows you to create custom rules, ... (Focus-IDS)