Softrex Tornado www-Server Bugs Disclose Specified Files to Remote Users and Allow Remote Users to Crash the Web Service
|
|
SecurityTracker Alert ID: 1006880
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: May 29 2003
|
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Advisory: Damage Hacking Group
|
Version(s): 1.2
|
Description: Several vulnerabilities were reported in Softrex's Tornado www-Server. A remote user can view specified files on the system. A remote user can cause the service to crash.
Damage Hacking Group reported that a remote user can supply a URL with a specified file name (including the '..' directory traversal
characters) to view the specified file with the privileges of the web server. A demonstration exploit is provided:
http://[target]/../existing_file
It
is also reported that a remote user can supply a long URL to cause the web service to crash. A demonstration exploit URL is provided:
http://[target]/aa[more
than 471 chars]
|
Impact: A remote user can view specified files on the system with the privileges of the web server.
A remote user can cause the service to crash.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.softrex.com/tornado/ (Links to External Site)
|
Cause: Boundary error, Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: D4rkGr3y <grey_1999@mail.ru>
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 29 May 2003 16:09:45 -0700
From: D4rkGr3y <grey_1999@mail.ru>
Subject: Tornado www-server v1.2: directory traversal, buffer overflow
|
-----BEGIN PGP SIGNED MESSAGE-----
################################################################
# _____ __ __ ___ #
# ........\ \.| |.| |/ \........ #
# : / \| | | | __> : #
# : / _ \ |_| | / __ : #
# : / / \ | <_/ \ : #
# :..../ _/ / _ | ` \....: #
# : \_________/__| |__|_______/ : #
# : Damage Hacking Group : #
# : Security Advisory : #
# :.............................: #
# #
# http://www.dhgroup.org #
#b d#
##b,________________________________________________________.d##
| |
Product: Tornado www-server v1.2
Authors: www.softrex.com/tornado/
| Vulnerability: multiple bugs |
#--------------------------------------------------------------#
| Overview: |
~~~~~~~~~
Another one http server
| |
#--------------------------------------------------------------#
| Problem: |
~~~~~~~~
This server is one BiG problem. IMHO is most dangerous server.
Main bug in DNA ;D Attacker may see any files in system (but
only if he know path and filename), may crash server (and exec
malicious code) by sending long http request. Examples:
www.server.com/../existing_file <-file be showed
www.server.com/aa[more than 471 chars]
| |
#--------------------------------------------------------------#
| Exploit: |
~~~~~~~~
Naah, its not interesting. Lets authors code something better.
| |
#--------------------------------------------------------------#
| :wow: |
~~~
NeKr0 /DHG www.dhgroup.org
| |
#______________________________________________________________#
\___________________________da_end___________________________/
Best regards www.dhgroup.org
D4rkGr3y icq 540981
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
iQCVAwUBPtaTMW4LIpseSJmPAQFU5AP/bO2H6whq/DXFdjYndYthn3sC35RlR6Lh
TF9tuOZyTPzsRwf0wKZEw3ivtyoAKVL3Qn6a+kCC7XE049TViDujQ5ykevkADl41
aA1E+wqV23xZjJfLuDBuJNgl2TbaJop+qYvrE5Rh83k81q4MdGLAuwQkM57M5xch
5JSPz5M1yC0=
=dw5D
-----END PGP SIGNATURE-----
|
|
