Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| Surfboard httpd Input Validation Flaw Lets Remote Users View Arbitrary Files on the System |
|---|
Categorie: Vulnerability
Posted: 2003-12-02 by ReCall
Views: 382
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A vulnerability was reported in the Surfboard httpd. A remote user can view files on the system. A remote user can also cause excessive CPU resources to be consumed.
Luigi Auriemma reported that a remote user can supply a URL containing the '../' directory traversal characters to view arbitrary files on the target system with the privileges of the Surfboard httpd process.
Some demonstration exploit URLs are provided:
http://server/../etc/passwd
http://ser ver/../../../etc/passwd
Version 1.0 is reportedly not affected by this directory traversal flaw.
It is also reported that the web server will continually loop when receiving user-supplied input until a second line feed character is received. A remote user can connect to the web server and then disconnect before sending data to cause the forked process to enter a continual loop.
The vendor has reportedly been notified.
Impact: A remote user can view arbitrary files on the target system with the privileges of the web server
daemon.
A remote user can cause the web server to fork a process that enters a continual loop.
Solution: No solution was available at the time of this entry.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=577
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
