[37667] in bugtraq
=?iso-8859-1?Q?F-Secure_Policy_Manager_-__physical_path_disclosure?=
daemon@ATHENA.MIT.EDU (oliver@greyhat.de)
Thu Dec 9 16:57:16 2004
To: <bugtraq@securityfocus.com>
From: <oliver@greyhat.de>
Message-Id: <5452427$110262518141b8b99d5b37f5.90164902@config19.schlund.de>
X-Originating-From: 5452427
Content-Type: text/plain;
charset="iso-8859-1"
Mime-Version: 1.0
Content-Transfer-Encoding: 8bit
Date: Thu, 9 Dec 2004 21:54:02 +0100
F-Secure Policy Manager - Management Agent - physical path disclosure
vulnerability
=====================================================================================
Version:
========
FSMSH Version 5.11.2810 - on Win32 (not tested on other platforms)
Vuln:
=====
A webserver is running on Port 80/tcp. Connecting to the port via a
webbrowser offers the
following link, available without authentication:
/fsms/fsmsh.dll?FSMSCommand=GetVersion
Following this link will give the Version Number of the application:
5.11.2810
However.... modifiying the link as follows:
/fsms/fsmsh.dll?
will give the following result, containing the physical path of the
f-secure installation:
FSMSH Version 5.11.2810
Started at: 04/12/07 20:18:48
Processed requests: 8780
Commdir path: C:\Programme\F-Secure\Management Server 5\CommDir
COMMDIR: C:\Programme\F-Secure\Management Server 5\CommDir found
C:\Programme\F-Secure\Management Server 5\CommDir\commdir.cfg found
Repository API initialized - status: OK
Vendor:
=======
www.f-secure.com
Informed by mail on 07.Dec.2004; Response at 08.Dec.; Will be fixed
anytime.
Discovered by:
==============
oliver karow
This document: http://www.oliverkarow.de/research/f-secure.txt
