[21177] in bugtraq


Perception LiteServe MS-DOS filename vulnerability

daemon@ATHENA.MIT.EDU (Wizdumb)
Mon Jun 25 11:33:12 2001

Date: Mon, 25 Jun 2001 09:30:20 +0200 (SAST)
From: Wizdumb <wizdumb@unix.za.net>
To: <bugtraq@securityfocus.com>
Message-ID: <20010625092112.C59771-100000@unix.za.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Perception LiteServe <http://www.cmfperception.com/liteserve.html> is a
Web, FTP and e-Mail server for Win*. When GET requests are made to
LiteServe's webserver with the name of the cgi-bin directory as an MS-DOS
directory name (e.g. cgi-shizznitch=CGI-SH~1 and cgi-bin=CGI-BIN),
LiteServe will read the script instead of executing it.

The vendor has been informed, and a fixed version (v1.28) is now available
on Perception's website. Thanks to Chris Fillion for his prompt response.

Cheers,
Andrew Lewis
---
wizdumb@leet.org
http://www.mdma.za.net/fk
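
Added example (not part of the original post and not LiteServe's code): a small model of the execute-or-serve decision, showing how a literal comparison of the requested directory name misses the MS-DOS aliases quoted above, next to a check that canonicalizes the name first. It assumes the server decides by string comparison, which the post does not state; all function names and the alias table are hypothetical.

```python
# Constructed stand-in for the filesystem's 8.3 alias table. On Windows the
# real lookup is done by the OS (for example via GetLongPathNameW).
SHORT_NAMES = {"CGI-SH~1": "cgi-shizznitch"}  # constructed sample alias


def first_segment(url_path):
    """Return the first directory component of a request path."""
    return url_path.lstrip("/").split("/", 1)[0]


def naive_is_cgi(url_path, cgi_dir):
    """Flawed pattern: literal, case-sensitive match on the requested name."""
    return first_segment(url_path) == cgi_dir


def canonical_segment(seg):
    """Resolve an 8.3 alias to its long name and fold case, mirroring how the
    filesystem treats CGI-SH~1, cgi-sh~1 and cgi-shizznitch as one directory."""
    return SHORT_NAMES.get(seg.upper(), seg).lower()


def hardened_is_cgi(url_path, cgi_dir):
    """Compare canonical names, so every alias gets the same handler."""
    return canonical_segment(first_segment(url_path)) == canonical_segment(cgi_dir)


def handler(is_cgi):
    """Name the handler chosen for a request."""
    return "execute" if is_cgi else "serve file contents"


if __name__ == "__main__":
    # Constructed sample requests: (path, configured CGI directory).
    samples = [
        ("/cgi-bin/test.pl", "cgi-bin"),
        ("/CGI-BIN/test.pl", "cgi-bin"),
        ("/CGI-SH~1/test.pl", "cgi-shizznitch"),
        ("/docs/index.html", "cgi-bin"),
    ]
    for path, cgi_dir in samples:
        print(f"{path:22} naive: {handler(naive_is_cgi(path, cgi_dir)):20}"
              f" hardened: {handler(hardened_is_cgi(path, cgi_dir))}")
```

The same canonical form should be used for every access decision on the path, so that the name the policy checks is the name the filesystem opens.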

