Reported August 21, 2001, by Arai Yu.

VERSION AFFECTED

  • ASCII NT Products WinWrapper 2.0 Professional

DESCRIPTION
A vulnerability exists in ASCII NT Products WinWrapper 2.0 Professional firewall software that lets an attacker read files on the vulnerable system under the local system security context. The product opens a remote service port (4096) for Web-based administration, and the service on that port does not confine requests to its own directory: by supplying relative paths (../ sequences) in the request, an attacker can traverse the remote system's file structure and read arbitrary data.

DEMONSTRATION

Arai Yu posted the following example as proof-of-concept:

http://IP_Address_of_WinWrapper:4096/../../../winnt/repair/sam

Entering the preceding URL downloads a copy of the SAM database from the vulnerable system.
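The containment check whose absence the description above implies, as an added example; it is not ASCII NT Products' code and not the 2.0.1 fix. The function name resolve_request_path and the temporary document root are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_request_path(request_target, doc_root):
    """Return the absolute path to serve, or None if the request must be refused."""
    # Decode percent-escapes once, the way the server would before opening the file.
    path = unquote(urlsplit(request_target).path)
    if "\x00" in path:
        return None
    # Windows accepts both separators, so compare on one form.
    path = path.replace("\\", "/")
    segments = [s for s in path.split("/") if s not in ("", ".")]
    # Refuse parent-directory segments and drive/stream syntax outright.
    if ".." in segments or any(":" in s for s in segments):
        return None
    # Defence in depth: resolve symlinks and confirm the result is still
    # inside the document root before any file is opened.
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, *segments))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    web_root = tempfile.mkdtemp()  # constructed document root (assumption)
    # Constructed request targets; the first is the path from the advisory.
    for target in ("/../../../winnt/repair/sam", "/index.html", "/img/logo.gif"):
        result = resolve_request_path(target, web_root)
        print(f"{target!r:35} -> {'refused' if result is None else result}")
```

A service that applies this check before opening the file answers the request above with an error instead of the file's contents.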

 

VENDOR RESPONSE

The vendor, ASCII NT Products, has released version 2.0.1, which fixes this vulnerability.

CREDIT
Discovered by Arai Yu.