[NT] Multiple Vulnerabilities in Aldos Webserver
From: SecuriTeam (support_at_securiteam.com)
Date: 05/04/04
To: list@securiteam.com Date: 4 May 2004 17:11:32 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Multiple Vulnerabilities in Aldos Webserver
------------------------------------------------------------------------
SUMMARY
<http://aldostools.mysite4now.com/aweb.html> Aldo's Web Server is "a
super-compact Web service daemon that not only lets you share your files
easily, it also acts as an Advertisement or site blocker". The product has
been found to contain two security vulnerabilities: one discloses sensitive
information about the remote computer (the account running the server and
its physical installation path), the other allows access to files that
reside outside the configured HTML root directory.
DETAILS
Vulnerable Systems:
* Aldos Web Server version 1.5
Physical Path Disclosure:
Connecting to Aweb via Telnet/Netcat and sending any character (i.e. input
that is not a valid HTTP request) leads to an output similar to this:
"Oliver_karow||D:\webserverMAI\aweb\"
Here oliver_karow is the account under which the web server process runs,
and the second field is the physical path of the server's installation
directory on disk.
Directory Traversal:
Connecting to Aweb via Telnet/Netcat and requesting a file with a request
line such as "GET /../../../boot.ini HTTP/1.0" enables an attacker to read
files outside of the webroot folder: the server does not reject or
normalize the ".." path segments before mapping the request onto the file
system.
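The check that is missing in the affected server is a mapping from the request-target onto a path that can never leave the document root. The following is an added example (not code from the advisory or from Aldo's Web Server) of such a check, plus a small scanner that runs the same logic over access-log lines so a defender can spot traversal attempts after the fact. The document root, the log format and the log lines are constructed for the example.

```python
import re
from posixpath import join as pjoin
from urllib.parse import unquote

WEBROOT = "/var/www/html"  # constructed sample document root (assumption)

# Constructed sample access log in common log format; the second line carries
# the request shown in the advisory, the third is a legitimate ".." that stays
# inside the root.
SAMPLE_LOG = """\
10.0.0.5 - - [04/May/2004:17:11:32 +0200] "GET /index.html HTTP/1.0" 200 512
10.0.0.9 - - [04/May/2004:17:12:01 +0200] "GET /../../../boot.ini HTTP/1.0" 200 298
10.0.0.9 - - [04/May/2004:17:12:05 +0200] "GET /docs/../index.html HTTP/1.0" 200 512
10.0.0.9 - - [04/May/2004:17:12:09 +0200] "GET /%2e%2e/%2e%2e/win.ini HTTP/1.0" 200 120
"""


def resolve_request_path(webroot, request_target):
    """Map an HTTP request-target onto a file path under webroot.

    Returns the resolved path, or None when the target would escape the
    document root. Percent-encoding is decoded exactly once, backslashes are
    treated as separators (the affected product runs on Windows), and a NUL
    byte is rejected outright.
    """
    raw_path = request_target.split("?", 1)[0]       # drop any query string
    path = unquote(raw_path).replace("\\", "/")
    if "\x00" in path:
        return None
    depth = []                                        # segments kept so far
    for segment in path.split("/"):
        if segment in ("", "."):
            continue                                  # empty or current dir
        if segment == "..":
            if not depth:
                return None                           # would climb above root
            depth.pop()
        else:
            depth.append(segment)
    return pjoin(webroot, *depth) if depth else webroot


REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) (\S+)"')


def flag_traversal_attempts(log_text, webroot=WEBROOT):
    """Return (client_ip, request_target) for every logged request whose
    target cannot be mapped inside webroot by resolve_request_path."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client_ip, _method, target, _version = m.groups()
        if resolve_request_path(webroot, target) is None:
            hits.append((client_ip, target))
    return hits


if __name__ == "__main__":
    for ip, target in flag_traversal_attempts(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

The resolver rejects a request as soon as a ".." segment would pop past the root rather than silently collapsing it, so a hit in the log is an unambiguous signal; the third sample line, which uses ".." but stays inside the root, is correctly left alone.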
ADDITIONAL INFORMATION
The information has been provided by <mailto:oliver@greyhat.de> Oliver
Karow.
The original article can be found at:
<http://www.oliverkarow.de/research/AldosWebserverMultipleVulns.txt>
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.