[NT] F-Secure Policy Manager Path Disclosure Vulnerability

From: SecuriTeam (support_at_securiteam.com)
Date: 12/12/04

    To: list@securiteam.com
    Date: 12 Dec 2004 16:42:02 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - - - - - - - -

      F-Secure Policy Manager Path Disclosure Vulnerability
    ------------------------------------------------------------------------

    SUMMARY

    F-Secure's Policy Manager comes bundled with a web server. This web server
    contains a DLL called fsmsh.dll that can be used to discover the local path
    under which F-Secure is installed, in addition to the exact version of the
    product and when it was started.

    DETAILS

    Vulnerable Systems:
     * FSMSH version 5.11.2810
     * FSMSH version 5.50.3110
     * FSMSH version 5.50.3160
     * FSMSH version 5.60.4111

    F-Secure's Policy Manager web server runs on port 80/TCP. Connecting to
    the port with a web browser offers the following link, available without
    authentication:
           /fsms/fsmsh.dll?FSMSCommand=GetVersion

    Following this link will give the Version Number of the application:
            5.11.2810

    However, modifying the link as follows:
            /fsms/fsmsh.dll?

    will give the following result, containing the physical path of the
    F-Secure installation:
            FSMSH Version 5.11.2810
            Started at: 04/12/07 20:18:48
            Processed requests: 8780
            Commdir path: C:\Programme\F-Secure\Management Server 5\CommDir
            COMMDIR: C:\Programme\F-Secure\Management Server 5\CommDir found
            C:\Programme\F-Secure\Management Server 5\CommDir\commdir.cfg found
            Repository API initialized - status: OK
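
    For administrators reviewing exposure, the following is an added example (not
    part of the original advisory or of F-Secure's code) that flags requests for
    the status dump in web access logs and recognises the leaked path markers in a
    response body. The Common Log Format, the sample log lines and all function
    names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format (an assumption: the advisory
# does not say what log format the bundled web server or a fronting proxy writes).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Dec/2004:20:19:01 +0100] "GET /fsms/fsmsh.dll?FSMSCommand=GetVersion HTTP/1.1" 200 10
192.0.2.44 - - [07/Dec/2004:20:21:37 +0100] "GET /fsms/fsmsh.dll? HTTP/1.1" 200 412
192.0.2.44 - - [07/Dec/2004:20:21:40 +0100] "GET /FSMS/FSMSH.DLL HTTP/1.0" 200 412
192.0.2.10 - - [07/Dec/2004:20:22:05 +0100] "GET /index.html HTTP/1.1" 200 1532
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Markers taken from the status page quoted in the advisory, plus any
# Windows absolute path (drive letter, colon, backslash).
LEAK_RE = re.compile(r'Commdir path:|COMMDIR:|[A-Za-z]:\\[^\r\n]+')

def classify(target):
    """Return 'status-dump', 'command' or None for a request target."""
    parts = urlsplit(target)
    # Case-insensitive match is an assumption (Windows-hosted server).
    if parts.path.lower() != "/fsms/fsmsh.dll":
        return None
    params = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    # The advisory shows the empty query string returning the status dump;
    # any request lacking FSMSCommand is flagged here as a conservative assumption.
    return "command" if "fsmscommand" in params else "status-dump"

def find_status_dumps(log_text):
    """Return (client, timestamp, target) for successful status-dump requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and m.group(5) == "200" and classify(m.group(4)) == "status-dump":
            hits.append((m.group(1), m.group(2), m.group(4)))
    return hits

def response_leaks_path(body):
    """True if a response body carries the markers shown in the advisory."""
    return bool(LEAK_RE.search(body))

if __name__ == "__main__":
    for client, when, target in find_status_dumps(SAMPLE_LOG):
        print(f"{when} {client} requested {target}")
```

    response_leaks_path() can be run over captured responses from a filtering
    proxy to confirm that the installation path no longer reaches clients.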

    ADDITIONAL INFORMATION

    The information has been provided by Oliver Karow <oliver@greyhat.de>.
    The original article can be found at:
    http://www.oliverkarow.de/research/f-secure.txt
