[28190] in bugtraq


Advisory Title: iASP Remote Console Applet Allows Remote

daemon@ATHENA.MIT.EDU (ph33r)
Fri Dec 13 11:52:57 2002

Message-ID: <008001c2a23f$8b9a9bc0$0201a8c0@sciaphobia.net>
From: "ph33r" <ph33r@fatelabs.com>
To: <bugtraq@securityfocus.com>
Date: Fri, 13 Dec 2002 00:35:29 -0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
	boundary="----=_NextPart_000_007D_01C2A23F.8950ABC0"

------=_NextPart_000_007D_01C2A23F.8950ABC0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Please see attached advisory.

------=_NextPart_000_007D_01C2A23F.8950ABC0
Content-Type: text/plain;
	name="f8-20021212-iasp.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename="f8-20021212-iasp.txt"



_____________________________________________________________________
                Fate Research Laboratories
                    Security Advisory
---------------------------------------------------------------------


Advisory Title:  	Remote Console Applet Allows Remote 
			File Retrieval
Package:  		Instant ASP (iASP)
Vendor:   		Halcyon Software
Vendor Web Site: 	http://www.stryon.com
Versions:  		<= (v1.0.9) (Latest: Unknown)
Advisory ID:  		F820021202:IASP
Issue Date:  		Tue 3 21:24:12 IST 2002
File(s):  		Remote Console Applet Running on Port 9095
Local:   		No
Remote:   		Yes
Vendor Contacted: 	Yes (8/12/2002)
Vulnerability Class: 	Access validation
Researcher:  		Alan "ph33r" Neville <ph33r@fatelabs.com>
Fate Web Site:  	http://www.fatelabs.com

---------------------------------------------------------------------
      Copyright (C) 1997-2002 Fate Research Laboratories.
_____________________________________________________________________




---------------------------------------------------------------------
 Overview 
_____________________________________________________________________

The Remote Console Applet that ships with the Instant ASP software 
suite contains an access validation error that allows an attacker
to retrieve any file on the remote system. This includes sensitive
configuration files for Instant ASP as well as any other file on
the remote host (SAM, PASSWD, SHADOW, et al.).




---------------------------------------------------------------------
 Exploit 
_____________________________________________________________________

Simply point a web browser at 
http://<hostname>:9095/../../../../../../etc/passwd




---------------------------------------------------------------------
 Solution
_____________________________________________________________________

Halcyon Software was contacted regarding this problem 
on the 8th of December 2002. There is no patch for this
problem at present.





_____________________________________________________________________
(c) Copyright 1997-2002 Fate Research Labs. All Copyrights Reserved.



------=_NextPart_000_007D_01C2A23F.8950ABC0--
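
Added example, not part of the original advisory and not Halcyon's code: a sketch of the document-root containment check whose absence produces the access validation error described above, shown next to the unchecked join. The function names, the "console" directory and the sample request paths are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_naive(doc_root, url_path):
    """Unchecked pattern: the request path is joined to the root as-is."""
    return os.path.normpath(os.path.join(doc_root, url_path.lstrip("/")))

def resolve_contained(doc_root, url_path):
    """Return the real path to serve, or None if it falls outside doc_root."""
    root = os.path.realpath(doc_root)
    # Decode once so %2e%2e%2f is judged in the same form as ../
    decoded = unquote(url_path)
    if "\x00" in decoded:
        return None
    # Treat backslashes as separators so Windows-style paths get no bypass
    relative = decoded.replace("\\", "/").lstrip("/")
    # realpath collapses ".." segments and follows symlinks before the check
    candidate = os.path.realpath(os.path.join(root, relative))
    # commonpath compares whole components, so a sibling directory such as
    # console-old is not accepted as being inside console
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

# Constructed sample request paths; the second is the form in the advisory.
SAMPLE_REQUESTS = [
    "/index.html",
    "/../../../../../../etc/passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/..\\..\\boot.ini",
    "/../console-old/secret.txt",
]

def demo():
    """Map each sample request to True (served) or False (rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "console")
        os.mkdir(root)
        return {r: resolve_contained(root, r) is not None
                for r in SAMPLE_REQUESTS}

if __name__ == "__main__":
    print("naive:", resolve_naive("/srv/console", SAMPLE_REQUESTS[1]))
    for request, served in demo().items():
        print("served  " if served else "rejected", request)
```

Until a vendor fix exists, the same containment rule can be enforced in front of the console port by a reverse proxy or filter that rejects any request whose decoded path contains a ".." segment.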

