Infosec Security Vulnerability Report
No: Infosec.20000712.worldclient.2.1

Vulnerability Summary
---------------------

Problem: The web server for remote access to e-mail in WorldClient 2.1 is vulnerable to root dot dot. It is possible to read, and in some cases download, any file whose name and location are known on a Windows NT 4.0 system.

Threat: An attacker can download a copy of the sam._ file, the repair SAM database.

Platform: WorldClient 2.1 on Windows NT 4.0.

Solution: Currently there is no patch that corrects this problem. Mr John Grish, Technical Support Supervisor at Deerfield.com, told me that their development team is testing and working on this problem at this moment.

Vulnerability Description
-------------------------

The web server WDaemon/2.1, which is part of the web-based e-mail solution WorldClient 2.1, is vulnerable to root dot dot in some cases. When requesting the URL http://email.victim.com/..\..\..\winnt\repair\sam._ from Linux 2.X and Netscape 4.08, the sam._ file is downloaded.

It seems that this vulnerability is not present when requesting the same URL from Windows NT 4.0 with Internet Explorer 4.0 and Netscape Communicator 6.0. When using these newer browsers the backslash is automatically exchanged for a forward slash and I get a message that I am requesting a forbidden page.

Additional Information
----------------------

Deerfield Technical Support was notified about this vulnerability approximately two weeks ago.

For more information about Deerfield and WorldClient, see http://worldclient.deerfield.com

Reported by: Rikard Carlsson, rikard.carlsson@infosec.se

-------------------------------

Infosec is a Swedish-based tiger team that has been working with information security since 1982. Infosec has been doing network penetration tests and technical audits of computer systems since 1996. Infosec is now hiring in Sweden and the United Kingdom. Please contact Christer Stafferöd for more information.
Phone: +46-8-6621070
E-mail: stafferod@infosec.se
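The behaviour described above (forward-slash requests refused, backslash requests served) is what a separator-specific filter produces. The following is an added example, not code from the advisory or from Deerfield: naive_is_safe is a hypothetical filter assumed only for illustration, DOC_ROOT is a constructed path, and resolve_under_root shows a check that canonicalises the path with Windows semantics before comparing it to the document root.

```python
import ntpath  # Windows path rules, usable on any OS for this demonstration
from urllib.parse import unquote

DOC_ROOT = r"C:\WorldClient\html"  # constructed document root (assumption)


def naive_is_safe(url_path):
    """Hypothetical weak filter: only recognises forward-slash traversal."""
    return "../" not in url_path


def resolve_under_root(url_path, root=DOC_ROOT):
    """Map a URL path to a file path; return None if it leaves the root."""
    decoded = unquote(url_path)  # handle %5C / %2F before any check
    # Windows file APIs accept both separators, so normalise to one.
    relative = decoded.replace("/", "\\").lstrip("\\")
    # Refuse drive letters, alternate data streams and embedded NULs.
    if ":" in relative or "\x00" in relative:
        return None
    candidate = ntpath.normpath(ntpath.join(root, relative))
    root_norm = ntpath.normcase(ntpath.normpath(root))
    cand_norm = ntpath.normcase(candidate)
    # Compare on a component boundary so C:\WorldClient\html2 does not match.
    if cand_norm != root_norm and not cand_norm.startswith(root_norm + "\\"):
        return None
    return candidate


# Constructed sample requests: the advisory's path in both separator forms,
# a percent-encoded variant, and one legitimate request.
SAMPLE_REQUESTS = [
    "/../../../winnt/repair/sam._",
    "/..\\..\\..\\winnt\\repair\\sam._",
    "/..%5C..%5C..%5Cwinnt%5Crepair%5Csam._",
    "/index.html",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req!r:45} naive_ok={naive_is_safe(req)!s:5} "
              f"resolved={resolve_under_root(req)}")
```
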