[12753] in bugtraq


Symantec Mail-Gear 1.0 Web interface Server Directory Traversal

daemon@ATHENA.MIT.EDU (Ussr Labs)
Mon Nov 29 13:48:13 1999

Message-Id:  <NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com>
Date:         Mon, 29 Nov 1999 13:00:36 -0300
Reply-To: Ussr Labs <labs@USSRBACK.COM>
From: Ussr Labs <labs@USSRBACK.COM>
X-To:         BUGTRAQ <bugtraq@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

Symantec Mail-Gear 1.0 Web Interface Server Directory Traversal Vulnerability


PROBLEM

UssrLabs found a directory traversal vulnerability in the Symantec Mail-Gear 1.0 web interface server.
By using the string '../' in a URL, an attacker can gain read access to any file outside of the
intended web-published filesystem directory.

There is not much to expand on this one....

Example (displays autoexec.bat):

http://ServerIp:8003/Display?what=../../../../../autoexec.bat
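The defect above and the check that closes it, as an added Python example (not Mail-Gear code; the web root path, the internals of the Display handler and the log line are assumptions): a naive join lets '../' walk out of the published directory, while the hardened resolver decodes, normalises and then refuses anything that does not stay under the root. The third function applies the same check to request URLs so a defender can flag traversal attempts in access logs.

```python
import posixpath
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed web-published root for the Display handler (the advisory does not
# say where Mail-Gear kept its files).
WEB_ROOT = "/opt/mailgear/htdocs"


def unsafe_resolve(web_root: str, what: str) -> str:
    """Naive join, the behaviour the advisory describes: '../' escapes the root."""
    return posixpath.normpath(posixpath.join(web_root, what))


def safe_resolve(web_root: str, what: str) -> Optional[str]:
    """Decode once (as a server would), normalise, then require containment."""
    decoded = unquote(what)
    # Reject NUL bytes, absolute paths and backslashes before any path maths.
    if "\x00" in decoded or decoded.startswith("/") or "\\" in decoded:
        return None
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # Compare with a trailing separator so 'htdocs_evil' is not mistaken for 'htdocs'.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def is_traversal_request(url: str) -> bool:
    """Detection helper: True when a Display request's 'what' escapes the root."""
    parts = urlsplit(url)
    if not parts.path.endswith("/Display"):
        return False
    for value in parse_qs(parts.query).get("what", []):
        if safe_resolve(WEB_ROOT, value) is None:
            return True
    return False


if __name__ == "__main__":
    # Constructed request, mirroring the URL shape from the advisory.
    req = "http://ServerIp:8003/Display?what=../../../../../autoexec.bat"
    print("naive join resolves to:", unsafe_resolve(WEB_ROOT, "../../../../../autoexec.bat"))
    print("hardened resolver returns:", safe_resolve(WEB_ROOT, "../../../../../autoexec.bat"))
    print("flagged as traversal:", is_traversal_request(req))
```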


Vendor Status:
Contacted

Vendor URL: http://www.symantec.com/urlabs/public/index.html
Program URL: http://www.symantec.com/urlabs/public/download/download.html

Credit: USSRLABS

SOLUTION
Upgrade to Symantec Mail-Gear 1.1

u n d e r g r o u n d  s e c u r i t y  s y s t e m s  r e s e a r c h
http://www.ussrback.com
