OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Foundstone Labs (labsfoundstone.com)
Date: Wed Jun 13 2001 - 14:56:32 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    FS Advisory ID: FS-061201-18-SMSW

    Release Date: June 11, 2001

    Product: ScreamingMedia SITEWare

    Vendor: ScreamingMedia Inc.
                            (http://www.screamingmedia.com)

    Vendor Advisory: http://www.screamingmedia.com/security/sms1001.php

    Type: Source code disclosure vulnerability

    Severity: High

    Author: Mike Shema (mike.shemafoundstone.com)
                            Foundstone, Inc. (http://www.foundstone.com)

    Operating Systems: All operating systems

    Vulnerable versions: SITEWare 2.5
                            SITEWare 3.0

    Foundstone Advisory:
    http://www.foundstone.com/cgi-bin/display.cgi?Content_ID=325
    ---------------------------------------------------------------------

    Description

            A source code disclosure vulnerability exists with
            ScreamingMedia's SITEWare Editor's Desktop. This
            vulnerability allows for the arbitrary viewing of world-
            readable files within the web document root. It should also be
            noted that ScreamingMedia stores site user names and passwords
            in clear text files.

    Details

            The SITEWare Editor's Desktop is a web-based administration
            front-end for ScreamingMedia content. The listening server
            can be assigned an arbitrary port on which to listen. For
            example, template source can be viewed by the URL:

            http://server:30001/../../template/shared/indexTemplate.xml

            Any file within the SITEWare/threads/Editor directory can be
            viewed, but not system files outside of this root.
            
    Proof of concept
            
            From a browser, make the following URL request:

            http://server:30001/../../template/shared/indexTemplate.xml

    Solution

            Refer to the advisory published by ScreamingMedia at:

            http://www.screamingmedia.com/security/sms1001.php

            Customers should obtain upgraded software by contacting their
            customer support representative to obtain patches.

    Credits

            We would also like to thank ScreamingMedia. for their prompt
            reaction to this problem and their co-operation in heightening
            security awareness in the security community.

    Disclaimer

            The information contained in this advisory is the copyright
            (C) 2001 of Foundstone, Inc. and believed to be accurate at
            the time of printing, but no representation or warranty is
            given, express or implied, as to its accuracy or
            completeness. Neither the author nor the publisher accepts
            any liability whatsoever for any direct, indirect or
            conquential loss or damage arising in any way from any use
            of, or reliance placed on, this information for any purpose.
            This advisory may be redistributed provided that no fee is
            assigned and that the advisory is not modified in any way.