[VulnWatch] iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's WebserverFrom: David Endler (firstname.lastname@example.org)
- Previous message: Ofir Arkin: "[VulnWatch] The Trivial Cisco IP Phones Compromise"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "David Endler" <email@example.com> To: firstname.lastname@example.org Date: Mon, 23 Sep 2002 16:41:19 -0400
-----BEGIN PGP SIGNED MESSAGE-----
iDEFENSE Security Advisory 09.23.2002
Directory Traversal in Dino's WebServer
A vulnerability exists in the latest version of Dino’s Webserver that
can allow an attacker to view and retrieve any file on the system.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2002-1133 to this issue.
An exploit is possible from an attacker constructing a URL that would
cause Dino's Webserver to navigate to any desired folder in the same
logical drive and access the files in it. This can be achieved by
using the URL encoded character representations of "/" and "\". This
allows a user to traverse the server to any directory on the same
logical drive as the web application. e.g.
This issue is similar to CVE-2002-0111 which involved a traditional
.. directory traversal flaw that was fixed.
This vulnerability affects Dino’s Webserver version 1.2
The author Anders Jensen, email@example.com, stated:
"My webserver will be removed from the download`s that I control, I
neither hav the time or resources to do anything else at the moment."
The public download site, http://home.no.net/~nextgen/ has been
replaced with a message reading "Dino`s FunSoft is no longer
available. the software will maybe somtime in the future be available
on another label, but when and if for shure I really can`t tell,
Dino's Webserver remains available however via many other download
sites such as download.com, etc.
8/10/2002 - Disclosed to iDEFENSE
9/6/2002 - Disclosed to Vendor, Anders Jensen
9/6/2002 - Disclosed to iDEFENSE Clients
9/14/2002 - Vendor Response
9/23/2002 - Public Disclosure
This issue was exclusively disclosed to iDEFENSE by Tamer Sahin
Get paid for security research:
David Endler, CISSP
Director, Technical Intelligence
14151 Newbrook Drive
Chantilly, VA 20151
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.2
-----END PGP SIGNATURE-----