[21877] in bugtraq
Snapstream PVS vulnerability
daemon@ATHENA.MIT.EDU (john@interrorem.com)
Thu Jul 26 11:12:36 2001
From: john@interrorem.com
Message-Id: <200107260723.IAA00283@darkstar.example.net>
To: bugtraq@securityfocus.com
Date: Thu, 26 Jul 2001 08:23:51 +0100 (BST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Interrorem security announcement
Interrorem - protecting business
Software vulnerable: Snapstream PVS
Vendor website: http://www.snapstream.com
Workaround: Stop the snapstream server
Software synopsis:
Snapstream PVS is a Personal Video System for Windows Systems. It allows users to schedule recordings on their PC and to view them later at the leisure, at their local machine or across a TCP/IP network via an HTTP interface.
Typically, the Snapstream HTTP interface runs on TCP port 8129.
Problem description:
Issue 1: Directory traversal bug
It is possible to navigate outside of the HTTP base directory, and download any file from the host for which the filename is known. The HTTP server runs in the context of the logged in user.
Examples:
http://home.victim.com:8080/../../../../autoexec.bat
http://home.victim.com:8080/../../../winnt/repair/sam
Risk: High. Any files on the target system are available to an attacker.
Issue 2: SSD.ini, which contains a great deal of information regarding the target system can be retrieved remotely using the method detailed above.
Example:
http://home.victim.com:8080/../ssd.ini
Risk: High. Information included in the ini file includes base directory location, usernames, and passwords.
Issue 3: Passwords are stored as plaintext in SSD.INI
Passwords to the SnapStream PVS software are recoverable remotely using the method detailed in Issue 2.
Risk: High. Denial of service, destruction of data, exposure of passwords.
For more information on this, and other security issues, please visit:
http://www.interrorem.com
Interrorem - protecting business
Network Security Specialists
Security News and Information
Free Security Software
OSSTMM.ORG supporters
