[19152] in bugtraq

tdhttp transversal bug

daemon@ATHENA.MIT.EDU (UkR-XblP)
Mon Feb 12 17:27:07 2001

Mime-Version: 1.0
Content-Type: text/plain; charset="KOI8-R"
Content-Transfer-Encoding: 8bit
Message-Id:  <web-16666309@backend2.aha.ru>
Date:         Mon, 12 Feb 2001 17:18:48 +0300
Reply-To: UkR-XblP <cuctema@OK.RU>
From: UkR-XblP <cuctema@OK.RU>
To: BUGTRAQ@SECURITYFOCUS.COM

-=-=-=-=-=[ UkR security team - advisory n0. 7 ]=-=-=-=-=-
tdhttp transversal bug
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Date: 07.02.2001

Problem: possibility of arbitrary file retrieval
and directory listing on remote host, running
tdhttp (http.c, probably all its versions).

Workaround: try another http daemon (Apache, for ex.) and
disable http service 'till that time.

Comment: duh. I wonder if I can see /etc/passwd right in my
IE window. No matter it's only beta version, I mean http.c.
After all, this bug is well-known.

Authors: XblP, S1LENCE

Example:
http://www.timduff.com/../../../../../../../../../../etc/passwd
http://www.timduff.com/../../../../../../../../../../root/
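Added example, not part of the original advisory and not tdhttp's own code: a request-path check of the kind an HTTP daemon needs before joining the URL path to its document root, which refuses the two example requests above. The names safe_path and hexval are hypothetical.

```c
#include <stddef.h>
#include <string.h>

static int hexval(int c) {              /* hex digit value, or -1 */
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Normalise a request path relative to the document root (hypothetical helper).
 * Writes a path starting with '/' and free of "." and ".." segments to out.
 * Returns 0 on success, -1 if the request must be refused. */
int safe_path(const char *req, char *out, size_t outsz) {
    size_t n = 0;                       /* bytes written to out */
    if (req[0] != '/' || outsz < 2) return -1;
    while (*req) {
        char seg[256];
        size_t len = 0;
        while (*req == '/') req++;      /* collapse repeated slashes */
        while (*req && *req != '/') {   /* percent-decode one segment, once */
            int c = (unsigned char)*req++;
            if (c == '%') {
                int hi = hexval((unsigned char)req[0]);
                int lo = hi < 0 ? -1 : hexval((unsigned char)req[1]);
                if (lo < 0) return -1;  /* malformed escape */
                c = hi * 16 + lo;
                req += 2;
            }
            /* NUL, control bytes and encoded separators never belong in a name */
            if (c < 0x20 || c == '/' || c == '\\' || len + 1 >= sizeof seg)
                return -1;
            seg[len++] = (char)c;
        }
        seg[len] = '\0';
        if (len == 0 || strcmp(seg, ".") == 0) continue;
        if (strcmp(seg, "..") == 0) {
            if (n == 0) return -1;      /* would climb above the root */
            while (n > 0 && out[--n] != '/') ;  /* drop the last segment */
            continue;
        }
        if (n + len + 2 > outsz) return -1;     /* '/' + segment + NUL */
        out[n++] = '/';
        memcpy(out + n, seg, len);
        n += len;
    }
    if (n == 0) out[n++] = '/';
    out[n] = '\0';
    return 0;
}
```

This check is lexical only; a server should still resolve the joined path (for example with realpath) and confirm it stays under the document root, since symbolic links are not covered here.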
