[sec-adv] webfs Directory Traversal and Pathname Buffer Overflow
From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Tue Sep 30 2003 - 07:21:17 CDT
TITLE:
webfs Directory Traversal and Pathname Buffer Overflow
SECUNIA ADVISORY ID:
SA9879
VERIFY ADVISORY:
http://www.secunia.com/advisories/9879/
CRITICAL:
Moderately critical
IMPACT:
Exposure of system information, Exposure of sensitive information,
Privilege escalation
WHERE:
From remote
SOFTWARE:
webfs 1.x
DESCRIPTION:
Two vulnerabilities have been reported in webfs, which can be
exploited by malicious people to disclose the contents of arbitrary
files or by malicious, local users to escalate their privileges.
It is possible to conduct a directory traversal attack by specifying
".." as a hostname when virtual hosting is enabled. This may disclose
the contents of arbitrary files outside the web root.
There is a boundary error in "ls.c" when handling pathnames. This can
be exploited to cause a buffer overflow by constructing an overly
long, specially crafted pathname.
Successful exploitation may allow execution of arbitrary code with
the privileges of the web server but requires that a malicious, local
user has write privileges to a directory readable by the web server.
SOLUTION:
Update to version 1.20:
http://bytesex.org/misc/webfs_1.20.tar.gz
REPORTED BY / CREDITS:
Jens Steube
ORIGINAL ADVISORY:
Product changelog.
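
Added example (not part of the Secunia advisory and not webfs source code): one way a server that maps the Host header to a directory under the document root can guard against both issues described above, by rejecting hostnames such as ".." and by refusing any pathname that does not fit its buffer. The function names and the "<docroot>/<host><uri>" layout are assumptions made for illustration; the caller is assumed to have stripped any ":port" suffix and normalized the URI.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if host may be used as a single
 * directory name under the document root, 0 otherwise. */
int vhost_name_ok(const char *host)
{
    size_t i, len;

    if (host == NULL)
        return 0;
    len = strlen(host);
    if (len == 0 || len > 253)              /* DNS name length limit */
        return 0;
    if (host[0] == '.' || host[0] == '-')   /* rejects ".", ".." and dotfiles */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '.' && c != '-')  /* no '/', '\\', ':' ... */
            return 0;
        if (c == '.' && host[i + 1] == '.')       /* no ".." anywhere */
            return 0;
    }
    return 1;
}

/* Hypothetical helper: builds "<docroot>/<host><uri>" into out.
 * Returns 0 on success, -1 if the host is rejected or the result
 * would not fit (the pathname is refused, never truncated). */
int build_vhost_path(char *out, size_t outlen, const char *docroot,
                     const char *host, const char *uri)
{
    int n;

    if (!vhost_name_ok(host))
        return -1;
    n = snprintf(out, outlen, "%s/%s%s", docroot, host, uri);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}
```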
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------