602Pro LAN Suite Discloses Files on the System to Remote Authenticated Users
Category: Vulnerability. Posted: 2003-09-27 by ReCall.
Description: Phuong Nguyen reported several vulnerabilities in 602Pro LAN Suite. A remote authenticated user can view arbitrary files on the target system. A remote authenticated user can also obtain information about WebMail users.
It is reported that the software does not properly validate 'GetFile' requests. A remote authenticated WebMail user can invoke m602cl3w.exe with the GetFile option to view arbitrary files on the system with the privileges of the web server. Files that can be read include the e-mail of other users on the system.
A demonstration exploit URL is provided:
http://[target]/mail/m602cl3w.exe?A=GetFile&U=7921604D7A587937986E24242C0588&DL=0&FN=../../../boot.ini
In the above demonstration exploit URL, the "U" parameter holds the remote authenticated user's ID.
It is also reported that a remote authenticated user can view temporary folders and files that include information about current users on the system by accessing the '/mail/' directory on the WebMail interface. The 'Tempdirs.lst' file contains a list of temporary folder names. Each temporary folder reportedly contains the 'MSGlist.mid' file, listing message IDs for the target user, and the 'MSGlist.mil' file, listing the username and mailbox number for the target user. A remote authenticated user can also view log files with the following type of URL (where the log file name is based on the date [yy-mm-dd]):
http://[target]/mail/S030904L.LOG
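The two issues above (an unchecked 'FN' value in GetFile requests, and directly reachable 'Tempdirs.lst' and daily log files under '/mail/') are both path-handling problems on the server side. The following Python is an added example, not code from the advisory or from Software602: it shows the kind of unchecked join that produces the reported behaviour next to a hardened resolver that confines 'FN' to the user's own folder, and a small log scanner that flags GetFile requests the hardened check would refuse as well as direct fetches of the listed files. The mail root, the user-ID format (taken from the advisory's sample 'U' value), the log lines and the function names are all constructed for the example.

```python
import posixpath
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed mail root for this example; the product's real layout is not
# described in the advisory and is not assumed to match.
MAIL_ROOT = "/srv/webmail"

# Assumption drawn from the advisory's sample U value: user IDs are hex strings.
USER_ID_RE = re.compile(r"^[0-9A-Fa-f]{1,64}$")


def vulnerable_getfile_path(user_id: str, fn: str) -> str:
    """Mirrors the reported flaw: FN is appended to the user's folder unchecked,
    so a value such as '../../../boot.ini' walks out of the mailbox tree."""
    return posixpath.join(MAIL_ROOT, user_id, fn)


def safe_getfile_path(user_id: str, fn: str) -> Optional[str]:
    """Hardened variant: returns a path only if it stays inside the user's folder."""
    if not USER_ID_RE.match(user_id) or not fn or "\x00" in fn:
        return None
    # The product runs on Windows, so treat backslashes as separators too.
    fn = fn.replace("\\", "/")
    # Reject absolute paths and drive-letter prefixes outright.
    if fn.startswith("/") or re.match(r"^[A-Za-z]:", fn):
        return None
    base = posixpath.join(MAIL_ROOT, user_id)
    # normpath collapses '.' and '..' segments lexically; the containment check
    # afterwards is the real guard, so nested or URL-decoded traversal is caught.
    candidate = posixpath.normpath(posixpath.join(base, fn))
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


# Request target inside a common-log-format line, e.g. "GET /mail/x HTTP/1.0"
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Files the advisory says should not be reachable by ordinary WebMail users.
SENSITIVE_RE = re.compile(r"^/mail/(Tempdirs\.lst|S\d{6}L\.LOG)$", re.IGNORECASE)


def classify_request(target: str) -> Optional[str]:
    """Return 'sensitive-file', 'getfile-refused' or None for one request target."""
    parts = urlsplit(target)
    if SENSITIVE_RE.match(parts.path):
        return "sensitive-file"
    if parts.path.lower().endswith("/m602cl3w.exe"):
        # parse_qs percent-decodes values, so encoded separators are normalised
        # before the same containment check the server should apply.
        q = parse_qs(parts.query, keep_blank_values=True)
        if q.get("A", [""])[0] == "GetFile":
            user = q.get("U", [""])[0]
            fn = q.get("FN", [""])[0]
            if safe_getfile_path(user, fn) is None:
                return "getfile-refused"
    return None


def flag_log_lines(lines: List[str]) -> List[Tuple[int, str]]:
    """Scan access-log lines; return (line number, verdict) for each hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        verdict = classify_request(m.group(1))
        if verdict:
            findings.append((n, verdict))
    return findings


# Constructed sample log lines (not real traffic); the user ID is the advisory's sample value.
UID = "7921604D7A587937986E24242C0588"
LOG_LINES = [
    f'10.0.0.5 - - [04/Sep/2003:10:01:02 +0000] "GET /mail/m602cl3w.exe?A=GetFile&U={UID}&DL=0&FN=inbox/msg001.eml HTTP/1.0" 200 512',
    f'10.0.0.5 - - [04/Sep/2003:10:01:09 +0000] "GET /mail/m602cl3w.exe?A=GetFile&U={UID}&DL=0&FN=../../../boot.ini HTTP/1.0" 200 1024',
    f'10.0.0.9 - - [04/Sep/2003:10:02:00 +0000] "GET /mail/m602cl3w.exe?A=GetFile&U={UID}&DL=0&FN=..%2F..%2Fwinnt%2Fwin.ini HTTP/1.0" 200 300',
    '10.0.0.9 - - [04/Sep/2003:10:02:30 +0000] "GET /mail/Tempdirs.lst HTTP/1.0" 200 88',
    '10.0.0.9 - - [04/Sep/2003:10:03:00 +0000] "GET /mail/S030904L.LOG HTTP/1.0" 200 4096',
    '10.0.0.7 - - [04/Sep/2003:10:04:00 +0000] "GET /mail/index.html HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    print("unchecked join:", vulnerable_getfile_path(UID, "../../../boot.ini"))
    print("hardened:", safe_getfile_path(UID, "../../../boot.ini"))
    for n, verdict in flag_log_lines(LOG_LINES):
        print(f"line {n}: {verdict}")
```

The containment check is done lexically with posixpath so the example runs on any platform without touching the filesystem; in a real handler the same check would be applied to the resolved on-disk path, and the '/mail/' listing files would simply be served from outside the web root.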
Impact: A remote authenticated user can read arbitrary files on the system (including other users' e-mail messages) with the privileges of the web server process.
A remote authenticated user can view information about users on the system, including usernames, mailbox names, and e-mail message IDs.
Solution: The vendor has released a patch, available at:
http://download3.software602.com/ls2003.exe