[NEWS] OwnServer Directory Traversal Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 01/22/04

    To: list@securiteam.com
    Date: 22 Jan 2004 15:08:05 +0200


    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      OwnServer Directory Traversal Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    OwnServer from <http://www.anteco.co.il> Anteco is a web server used for
    watching security cameras remotely. It allows broadcasting live streaming
    video over the web.

    OwnServer is vulnerable to a classic directory traversal attack due to
    inadequate validity tests on the input URL.

    DETAILS

    Vulnerable Systems:
     * OwnServer version 1.0 and prior

    The webserver performs filter tests and substitution in order to protect
    itself from a directory traversal attack. The following patterns are
    checked for and replaced with safe ones:

     * "//" is replaced by ""
     * "\." and "\.." are replaced by ""
     * "\" is replaced by "/"
     * "\\" is replaced by "//"

    However, the classic "/../" pattern is for some reason not checked, so
    it passes through unfiltered and allows a remote attacker to view and
    download any file on the server's filesystem whose path is known.

    Examples:

    http://<host>/../../boot.ini
    http://<host>/../../../boot.ini
    http://<host>/../../../../boot.ini
    http://<host>/../../../../../boot.ini
    http://<host>/../../../../../../boot.ini
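    To show where the substitution filter described above falls short, here is an added example (not OwnServer's code; DOCROOT and the order of the replacements are assumptions): the advisory's filter reproduced next to a canonicalise-then-contain check that rejects any request whose resolved path leaves the document root.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed document root for the example; the advisory does not give
# OwnServer's real root.
DOCROOT = "/srv/ownserver/www"


def advisory_filter(url_path: str) -> str:
    """Reproduce the substitution filter the advisory describes.

    The advisory only lists the patterns, so the order below is an
    assumption. The conclusion does not depend on it: "/../" is never
    one of the patterns, so it survives untouched.
    """
    filtered = url_path.replace("//", "")
    filtered = filtered.replace("\\..", "").replace("\\.", "")
    filtered = filtered.replace("\\\\", "//").replace("\\", "/")
    return filtered


def resolve_within_root(url_path: str, docroot: str = DOCROOT) -> Optional[str]:
    """Containment check instead of pattern stripping.

    Percent-decode, treat backslashes as separators (as Windows does),
    join to the document root, canonicalise, and refuse anything whose
    canonical form is not inside the root. Returns the resolved path,
    or None when the request is rejected.
    """
    decoded = unquote(url_path).replace("\\", "/")
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # The backslash form is caught by the filter, the forward-slash form
    # is not; the containment check rejects both.
    for req in ("/../../boot.ini", "\\..\\..\\boot.ini", "/cam1/../cam2/x.jpg"):
        print(f"{req!r:24} filter -> {advisory_filter(req)!r:20} "
              f"contained -> {resolve_within_root(req)}")
```

    Legitimate ".." segments that stay inside the root (the third request) still resolve normally, which is why a containment check is preferable to stripping patterns.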

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:the_insider@mail.com> Rafel
    Ivgi, The-Insider

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

