[NT] BitDefender Update Server Unauthorized File Access Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 25 Jan 2008 19:05:27 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
BitDefender Update Server Unauthorized File Access Vulnerability
------------------------------------------------------------------------
SUMMARY
"BitDefender™ provides security solutions to satisfy the protection
requirements of today's computing environment, delivering effective threat
management for over 41 million home and corporate users in more than 100
countries. BitDefender, a division of SOFTWIN, is headquartered in
Bucharest, Romania and has offices in Tettnang, Germany, Barcelona, Spain
and Fort Lauderdale (FL), USA.
....The Update Server allows you to set up an upgrade location within
your local network. This way you needn't worry about updating the products
installed on computers that are not connected to the Internet, achieving,
at the same time, faster updates and reduced Internet traffic. The
BitDefender Update Server is easy to configure through an intuitive step
by step wizard. It will help you get the latest updates for all
BitDefender products."
The Update Server, which is part of several of BitDefender's Enterprise
products, runs an HTTP daemon. The http.exe process runs with LocalSystem
privileges and is vulnerable to a plain old directory traversal. It is
therefore possible to access files outside the application's root
directory with those privileges.
DETAILS
Vulnerable Systems:
* BitDefender Security for Fileservers
* BitDefender Enterprise Manager (BDEM)
Exploit:
To exploit, simply run:
echo -e "GET /../../boot.ini HTTP/1.0\r\n\r\n" | nc <server> <port>
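The containment check whose absence allows a request like the one above to leave the document root, as an added Python example (not code from the advisory or from BitDefender). The function names, sample requests and document root are assumptions made for illustration.

```python
import os
from urllib.parse import unquote

def naive_resolve(doc_root, request_path):
    # Flaw class from the advisory: join and normalise, but never check
    # that the result is still inside the document root.
    return os.path.normpath(os.path.join(doc_root, request_path.lstrip("/")))

def safe_resolve(doc_root, request_path):
    """Return the absolute path to serve, or None if it leaves doc_root."""
    # Decode once, drop the query string, and treat "\" like "/" because
    # the affected servers run on Windows.
    path = unquote(request_path.split("?", 1)[0]).replace("\\", "/")
    if "\x00" in path:
        return None
    root = os.path.realpath(doc_root)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # paths on different drives (Windows)
        inside = False
    return candidate if inside else None

# Constructed sample requests; the first is the one from the advisory.
SAMPLES = [
    "/../../boot.ini",
    "/%2e%2e/%2e%2e/boot.ini",
    "/..\\..\\boot.ini",
    "/updates/../defs/update.txt",  # hypothetical file inside the root
]

def audit(doc_root, requests=SAMPLES):
    """Map each request path to True (served) or False (rejected)."""
    return {r: safe_resolve(doc_root, r) is not None for r in requests}

if __name__ == "__main__":
    root = "/srv/bd-update"  # hypothetical document root
    print("naive:", naive_resolve(root, SAMPLES[0]))
    for req, ok in audit(root).items():
        print("allow" if ok else "deny ", req)
```

Running the service under a low-privilege account instead of LocalSystem limits what such a flaw can reach even if the check is missing.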
ADDITIONAL INFORMATION
The information has been provided by Oliver Karow
<oliver.karow@xxxxxx>.
The original article can be found at:
http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/