Subject: Infosec.20000712.worldclient.2.1
From: Rikard Carlsson (rikard.carlsson@infosec.se)
Date: Wed Jul 12 2000 - 05:16:57 CDT

Infosec Security Vulnerability Report
No: Infosec.20000712.worldclient.2.1

Vulnerability Summary
Problem: The web server for remote access to e-mail in WorldClient 2.1 is
               vulnerable to a "root dot dot" (directory traversal) attack. It is
               possible to read, and in some cases download, any file whose name and
               location are known on a Windows NT 4.0 system.

Threat: An attacker can download a copy of the sam._ file, the compressed
               backup copy of the SAM database kept in the repair directory.

Platform: WorldClient 2.1 on Windows NT 4.0.

Solution: Currently there is no patch that corrects this problem. Mr John,
               Technical Support Supervisor at Deerfield.com, told me that their
               development team is testing and working on this problem in this

Vulnerability Description
The web server WDaemon/2.1, which is part of the web-based e-mail solution
WorldClient 2.1, is vulnerable to root dot dot in some cases. When the URL
http://email.victim.com/..\..\..\winnt\repair\sam._ is requested from Linux 2.X
with Netscape 4.08, the sam._ file is downloaded.
This vulnerability does not seem to be present when the same URL is requested from
Windows NT 4.0 with Internet Explorer 4.0 or Netscape Communicator 6.0. With
these newer browsers the backslash is automatically exchanged for a forward slash,
and I get a message that I am requesting a forbidden page.
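The separator-handling mistake described above, as an added Python example (not WorldClient's or Deerfield's code): a resolver that only recognises "/" as a separator when looking for ".." is placed beside one that canonicalises backslashes and percent-escapes first, which is what the newer browsers did on the client side. The web root is a constructed placeholder, and the hardened version also covers percent-encoded backslashes (%5c), one step beyond the single case in the report.

```python
import ntpath
from urllib.parse import unquote

# Constructed placeholder for the web server's document root; not WorldClient's real layout.
WEB_ROOT = r"C:\WorldClient\HTML"


def naive_resolve(raw_path, root=WEB_ROOT):
    """Mirror the flaw the advisory describes: only '/' is recognised as a
    separator when looking for '..', so a request whose traversal uses '\\'
    is passed through, and the NT filesystem then honours the backslashes."""
    path = unquote(raw_path)
    if ".." in path.split("/"):
        return None                      # blocks /../../ but not /..\..\
    return ntpath.normpath(ntpath.join(root, path.lstrip("/")))


def safe_resolve(raw_path, root=WEB_ROOT):
    """Canonicalise before checking, the way the newer browsers did client-side:
    decode percent-escapes, treat '\\' as '/', walk the segments, and refuse any
    request that would climb above the root. Returns None when rejected."""
    path = unquote(raw_path).replace("\\", "/")
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue                     # empty or current-directory segment
        if seg == "..":
            if not segments:
                return None              # traversal would escape the web root
            segments.pop()
            continue
        if ":" in seg or "\0" in seg:
            return None                  # drive letters, NTFS streams, NUL bytes
        segments.append(seg)
    resolved = ntpath.normpath(ntpath.join(root, *segments))
    # Belt and braces: the final path must still lie under the root.
    if ntpath.commonpath([root, resolved]) != root:
        return None
    return resolved


if __name__ == "__main__":
    request = r"/..\..\..\winnt\repair\sam._"  # the URL path quoted in the advisory
    print("naive:", naive_resolve(request))   # C:\winnt\repair\sam._  (escaped the root)
    print("safe: ", safe_resolve(request))    # None  (rejected)
```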

Additional Information
Deerfield Technical Support was notified about this vulnerability approximately
one week ago. For more information about Deerfield and WorldClient, see
Reported by: Rikard Carlsson, rikard.carlsson@infosec.se.

Infosec is a Swedish-based tiger team that has been working with information
security since 1982. Infosec has been doing network penetration tests and
technical audits of computer systems since 1996. Infosec is now hiring in Sweden
and the United
Please contact Christer Stafferöd for more information. Phone: +46-8-6621070
E-mail: stafferod@infosec.se

Backupcentralen will change its name to Guardian iT Sweden
Domain will be guardianit.se
Mail = xx@guardianit.se
WWW = www.guardianit.com