[19101] in bugtraq
Re: Vulnerability in AOLserver
daemon@ATHENA.MIT.EDU (bugtraq@ARTEMAS.REACHIN.COM)
Fri Feb 9 12:13:23 2001
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.30.0102082237190.27869-100000@artemas.reachin.com>
Date: Thu, 8 Feb 2001 22:41:53 -0800
Reply-To: bugtraq@ARTEMAS.REACHIN.COM
From: bugtraq@ARTEMAS.REACHIN.COM
X-To: Bob Rogers <rogers-bugtraq@RGRJR.DYNDNS.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <14979.9180.168189.558707@h0050da615e79.ne.mediaone.net>
> AOLserver v3.2 is a web server available from http://www.aolserver.com.
> A vulnerability exists which allows a remote user user to break out of the
> web root using relative paths (ie: '...').
> AOLserver v3.2 on Linux (RH 6.0) does not appear to be vulnerable.
> OS-dependent code?
Correct. Microsoft Windows has an undocumented "feature" where '...\' or
'....\' or '......\' point to parent directories. This feature is obscure
un documented enough that almost every single web server ported to Windows
allows viewing of files above the document root with this feature. In
fact, Microsoft's own personal web server had this problem at one point.
Linux has had similiar problems with undocumented interfaces. It was
discovered about a year ago that by using undocumented calls that restrict
privledges, an attacker could set things up a a SUID root application
could not drop its root privledges.
- Sam
