SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   SnapStream PVS Vendors:   SnapStream Media
SnapStream Personal Video System for Windows Lets Remote Users Obtain Files on the System, Including One Containing Unencrypted SnapStream Passwords
SecurityTracker Alert ID:  1002089
SecurityTracker URL:  http://securitytracker.com/id/1002089
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 27 2001
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  

Description:   A vulnerability was reported in SnapStream Personal Video System (PVS) for Windows that allows remote users to access files on the Windows system.

It is reported that a remote user can navigate outside of the HTTP base directory and access files on the system using the following types of requests:

http://[targethost]:8129/../../../../autoexec.bat
http://[targethost]:8129/../../../winnt/repair/sam

One of the files that can be retrieved is the ssd.ini file, which contains usernames and unencrypted passwords for the system:

http://[targethost]:8129/../ssd.ini

Impact:   A remote user can access files on the Windows system, including unencrypted passwords for the SnapStream application.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.snapstream.com/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Me), Windows (98), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Snapstream PVS vulnerability


Interrorem security announcement
Interrorem - protecting business

Software vulnerable:  Snapstream PVS
Vendor website: http://www.snapstream.com
Workaround: Stop the snapstream server

Software synopsis:
Snapstream PVS is a Personal Video System for Windows Systems.  It allows users to schedule recordings on their PC and to view them
 later at the leisure, at their local machine or across a TCP/IP network via an HTTP interface.

Typically, the Snapstream HTTP interface runs on TCP port 8129.

Problem description:

Issue 1: Directory traversal bug

It is possible to navigate outside of the HTTP base directory, and download any file from the host for which the filename is known.
  The HTTP server runs in the context of the logged in user.

Examples:

http://home.victim.com:8080/../../../../autoexec.bat

http://home.victim.com:8080/../../../winnt/repair/sam

Risk: High.  Any files on the target system are available to an attacker.


Issue 2: SSD.ini, which contains a great deal of information regarding the target system can be retrieved remotely using the method
 detailed above.

Example:

http://home.victim.com:8080/../ssd.ini

Risk: High.  Information included in the ini file includes base directory location, usernames, and passwords.


Issue 3: Passwords are stored as plaintext in SSD.INI

Passwords to the SnapStream PVS software are recoverable remotely using the method detailed in Issue 2.

Risk: High.  Denial of service, destruction of data, exposure of passwords.


For more information on this, and other security issues, please visit:

http://www.interrorem.com

Interrorem - protecting business

Network Security Specialists
Security News and Information
Free Security Software
OSSTMM.ORG supporters

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC