SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Web Server/CGI)  >   NetServe Vendors:   Net-X Solutions
(Vendor Issues Fix) Re: NetServe Discloses Files on the System to Remote Users
SecurityTracker Alert ID:  1008282
SecurityTracker URL:  http://securitytracker.com/id/1008282
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 24 2003
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0.7 (and possibly older versions)
Description:   An information disclosure vulnerability was reported in the NetServe web server. A remote user can view arbitrary files on the system, including a password file.

It is reported that the server does not filter the '../' directory traversal characters from user-supplied URLs. A remote user can reportedly supply a specially crafted URL to view arbitrary files and directories on the system with the privileges of the web server.

Some demonstration exploit URLs are provided:

http://[victim]/../test/
http://[victim]/../test/test.txt

It is also reported that the software stores the administrator's username and password in the 'config.dat' file. A remote user can obtain the file by exploiting the directory traversal vulnerability described above. A demonstration exploit URL is provided:

http://[victim]/../config.dat
Impact:   A remote user can view files located outside of the web document directory that are readable by the web server process. A remote user can obtain the 'config.dat' file containing the administrator's password.
Solution:   The vendor has issued a fixed version (1.0.8), available at:

http://www.starlots.com/netx/index.html

The vendor advises all users to update to the latest version.
Vendor URL:  www.starlots.com/netx/netserve.html (Links to External Site)
Cause:   Input validation error
Underlying OS:   Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 17 2003 NetServe Discloses Files on the System to Remote Users


 Source Message Contents
Date:  Sun, 23 Nov 2003 23:04:43 -0000
Subject:  NetServe Web Server



Dear SecurityTracker,

In response to your advisory on "NetServe Web Server" and its "Directory
Traversal Vulnerability":


After being alerted to the "Directory Traversal Vulnerability", we
immediately began work on testing and role-out of a security fix.

A security fix has now been released which removes this issue, there are
currently no known security issues with version 1.0.8 of NetServe Web
Server.

All users of this product are advised to download the latest version of
NetServe from the company website: www.starlots.com/netx/index.html
<http://www.starlots.com/netx/index.html>


If you could update your news and site accordingly to accomodate this
update we would be most grateful,

Kind Regards,

J. Jones
Net-X Solutions Ltd


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC