Reported November 20, 2003, by nimber.

 

 

VERSIONS AFFECTED

 

  • Net-X Solutions Ltd’s NetServe 1.0.7

 

 

DESCRIPTION

 

Two newly discovered vulnerabilities in Net-X Solutions Ltd’s NetServe 1.0.7 can result in the remote compromise of the vulnerable system. The first vulnerability is a directory-traversal vulnerability, and the second vulnerability is a configuration- and password-disclosure vulnerability.
 

DEMONSTRATION

 

<span style="font-family:Verdana">The discoverer has posted the following scenarios as proof of concept:</h3> <span style="font-family:Verdana"> </h3>

Directory Traversal:

 

The NetServe server doesn’t properly filter " /../../ ", thereby permitting an attacker to view files that reside below the bounding HTML root directory.

 

 

Example:

You can view either directories http://\[victim\]/../test/, or files http://\[victim\]/../test/test.txt.

 

Configuration Disclosure:

By default, NetServe's configuration files contain a directory below the wwwroot's. Using the above vulnerabilities, a remote attacker can download the remote server's configuration by requesting a special URL.



Example:

By requesting http://\[victim\]/../config.dat, an attacker can view the server's configuration file.

 

VENDOR RESPONSE

<span style="font-family:Verdana"> </h3> <span style="font-family:Verdana">Net-X Solutions Ltd has been notified.</h3>  

CREDIT

 

Discovered by nimber.