SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Instant Messaging/IRC/Chat)  >   ParaChat Server Vendors:   ParaChat Group
ParaChat Server Input Validation Flaw Discloses Files to Remote Users
SecurityTracker Alert ID:  1011438
SecurityTracker URL:  http://securitytracker.com/id/1011438
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 28 2004
Impact:   Disclosure of system information, Disclosure of user information
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 5.5
Description:   Donato Ferrante reported a directory traversal vulnerability in ParaChat Server. A remote user can view files located on the target system.

It is reported that the server does not properly validate user-supplied input. A remote user can connect to the target system and supply an HTTP GET request containing '..%5C/' directory traversal characters to view arbitrary files on the target system.

A demonstration exploit URL is provided:

http://[target]:7877/..%5C/..%5C/

The vendor has been notified.

Impact:   A remote user can view files on the target system with the privileges of the target chat service.
Solution:   No solution was available at the time of this entry. The vendor is reportedly working on a fix.
Vendor URL:  www.parachat.com/server/index.html (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (FreeBSD), UNIX (Solaris - SunOS), Windows (NT)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 29 2004 (Vendor Issues FIx) ParaChat Server Input Validation Flaw Discloses Files to Remote Users
The vendor has issued a fix.



 Source Message Contents

Subject:  directory traversal in ParaChat Server 5.5



                           Donato Ferrante


Application:  ParaChat Server
              http://www.parachat.com/

Version:      5.5

Bug:          directory traversal

Date:         28-Sep-2004

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"ParaChat Server v5.5 is a fast, easy and affordable way to host and
manage your own real-time communication software - for one web site,
or for multiple web sites."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The server is not able to manage the sequence "..%5C/", that is
equal to "..\/", this lets an attacker to navigate through the
victim system simply using a web browser.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability:

http://[host]:7877/..%5C/..%5C/



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bug will be fixed in the next version.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC