[12454] in bugtraq
Eserv 2.50 Web interface Server Directory Traversal Vulnerability
daemon@ATHENA.MIT.EDU (Ussr Labs)
Fri Nov 5 13:33:22 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <NCBBKFKDOLAGKIAPMILPIEIMCAAA.labs@ussrback.com>
Date: Thu, 4 Nov 1999 21:17:12 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To: BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Eserv 2.50 Web interface Server Directory Traversal Vulnerability
Product:
Eserv/2.50 is the complete solution to access Internet from LAN:
- Mail Server (SMTP and POP3, with ability to share one mailbox
on the ISP, aliases and mail routing support)
- News Server (NNTP)
- Web Server (with CGI, virtual hosts, virtual directory support,
web-interface for all servers in the package)
- FTP Server (with virtual directory support)
- Proxy Servers
* FTP proxy and HTTP caching proxy
* FTP gate
* HTTPS proxy
* Socks5, Socks4 and 4a proxy
* TCP and UDP port mapping
* DNS proxy
- Finger Server
- Built-in scheduler and dialer (dial on demand,
dialer server for extern agents, scheduler for any tasks)
PROBLEM
UssrLabs found a Eserv Web Server Directory Traversal Vulnerability
Using the string '../' in a URL, an attacker can gain read access to
any file outside of the intended web-published filesystem directory
There is not much to expand on this one....
Example:
http://127.1:3128/../../../conf/Eserv.ini to show all configuration file
including
account names
Vendor Status:
no contacted
Vendor Url: http://www.eserv.ru/
Program Url: http://www.eserv.ru/eserv/
Credit: USSRLABS
SOLUTION
Nothing yet.
