[23819] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)

daemon@ATHENA.MIT.EDU (Tamer Sahin)
Fri Jan 11 18:10:54 2002

Message-ID: <001e01c19aac$91a497a0$30c183d9@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Date: Fri, 11 Jan 2002 16:30:48 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There two ways to solve this problem in Eserv:

1) Add "./" string to the AccessRights in Eserv with zero rights.

2) Install Eserv.exe update, it will block "./" access.
ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3119.zip

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA+AwUBPD73F7uLpFMrXtywEQLC0ACfTSznBfaxCPmp74yizQFlyXBgWZoAmJqu
KTLbiTNEI8R1kueD661l3Ic=
=1Lia
-----END PGP SIGNATURE-----


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[23819] in bugtraq

Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)

daemon@ATHENA.MIT.EDU (Tamer Sahin)Fri Jan 11 18:10:54 2002

daemon@ATHENA.MIT.EDU (Tamer Sahin)
Fri Jan 11 18:10:54 2002