[UNIX] ByteHoard Directory Traversal Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 10/20/03

    To: list@securiteam.com
    Date: 20 Oct 2003 11:22:16 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      ByteHoard Directory Traversal Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

     <http://sourceforge.net/projects/bytehoard/> ByteHoard is "an online file
    storage system, written in PHP. Includes automatic compression, multiple
    file views, fully-featured admin interface, global & user space limiters,
    authentication, ability to send files via email and more". A directory
    traversal vulnerability has been found in the product allowing remote
    attackers to download files that reside outside the bound HTTP root
    directory.

    DETAILS

    Vulnerable systems:
     * ByteHoard version 0.7

    Immune systems:
     * ByteHoard version 0.71

    ByteHoard does not properly validate user-supplied input for URL requests.
    This allows directory traversal characters to be added to the URL request
    (for example in the infolder parameter) and thus allows directory traversal.

    Example:
    http://victim.com/bytehoard/index.php?infolder=../../../../
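    The following is an added illustration of the fix class the advisory implies, not ByteHoard's own code and not the actual patch in 0.71. It shows how a PHP application can confine a user-supplied folder parameter such as infolder to a fixed storage root: the path is canonicalised with realpath(), which collapses "..", "." and symlinks, and the result is then checked to lie inside the root. The helper name resolve_user_folder() and the demonstration directory tree are assumptions made for this example.

```php
<?php
// Added example (not ByteHoard's code): confining a user-supplied folder
// parameter such as "infolder" to a fixed storage root.
// resolve_user_folder() is a hypothetical helper name chosen for this example.

function resolve_user_folder(string $storageRoot, string $infolder): ?string
{
    // Canonicalise the root once; realpath() returns false if it does not exist.
    $root = realpath($storageRoot);
    if ($root === false) {
        return null;
    }

    // Reject NUL bytes outright: they truncate paths in C-level filesystem calls.
    if (strpos($infolder, "\0") !== false) {
        return null;
    }

    // Resolve the requested folder relative to the root. realpath() collapses
    // "..", "." and symlinks, so a request like "../../../../" resolves to a
    // directory above the root and is rejected by the containment check below.
    $candidate = realpath($root . DIRECTORY_SEPARATOR . $infolder);
    if ($candidate === false) {
        return null;   // does not exist, or resolution failed
    }

    // Containment check: the resolved path must be the root itself or begin
    // with "<root>/". Comparing with the trailing separator prevents a sibling
    // such as "/srv/data2" from matching a root of "/srv/data".
    if ($candidate !== $root
        && strncmp($candidate, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }

    return $candidate;
}

// --- demonstration on a constructed directory tree (created in the temp dir) ---
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'bh_demo_' . getmypid();
mkdir($base . '/storage/alice', 0700, true);
file_put_contents($base . '/outside.txt', "not for download\n");

// Constructed inputs: expected result is true (allowed) or false (rejected).
$tests = [
    'alice'          => true,   // legitimate user folder
    'alice/../alice' => true,   // traversal that stays inside the root
    '../../../../'   => false,  // the request pattern shown in the advisory
    '../outside.txt' => false,  // file one level above the root
    "alice\0../.."   => false,  // NUL byte truncation attempt
];

foreach ($tests as $input => $shouldAllow) {
    $resolved = resolve_user_folder($base . '/storage', $input);
    $allowed  = $resolved !== null;
    printf("%-18s -> %s%s\n",
        json_encode($input),
        $allowed ? 'allowed: ' . $resolved : 'rejected',
        $allowed === $shouldAllow ? '' : '  (UNEXPECTED)');
}
```

    Two caveats apply to this approach. realpath() only works for paths that already exist, so an operation that creates a new folder must validate the parent directory instead of the final path. And the check must be applied on the server side to the final filesystem path; stripping "../" from the input string is not equivalent, because encoded or repeated sequences can survive naive filtering while realpath() resolves whatever the filesystem would actually follow.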

    Solution:
    Upgrade to ByteHoard version 0.71 or newer, available to download from
    http://prdownloads.sourceforge.net/bytehoard/bytehoard_point_seven_one.tar.gz?download

    Zip version
    http://prdownloads.sourceforge.net/bytehoard/bytehoard_point_seven_one.zip?download

    Vulnerability timeline:
    16 Oct 2003 Identified by Ezhilan of Sintelli
    17 Oct 2003 Issue disclosed to ByteHoard developer (Andrew Godwin)
    17 Oct 2003 Vulnerability confirmed by Andrew Godwin
    17 Oct 2003 Sintelli provided with fix
    17 Oct 2003 Sintelli confirms vulnerability has been addressed
    17 Oct 2003 Fix publicly available
    17 Oct 2003 Sintelli Public Disclosure

    ADDITIONAL INFORMATION

    The information has been provided by Ezhilan of Sintelli SINTRAQ
    <mailto:sintraq@sintelli.com>.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

