Bugtraq mailing list archives

bug in iChat 3.0 (maybe others)


From: jon () OCOL COM (Jon Beaton)
Date: Wed, 9 Sep 1998 16:19:28 -0700


Hi,

The iChat (http://www.ichat.com/) ROOMS server runs as 'nobody', and on
port 4080 as default. From what I've noticed, it just uses http, and has
a bug which lets following /../../../ be run on the URL using any web
browser.  For example, something like:

http://chat.server.com:4080/../../../etc/passwd

will display the passwd file. With this you can view any file on the
system that 'nobody' has access to. I was only able to test this on
version 3.0 of the software, and running on Solaris. I contacted the
company about this, all they said was that if you're using 3.0, you
should upgrade to 3.03 as soon as possible.  I don't even know if this
particular bug is fixed in that version. If you can try this on other
versions and OS's, I'd like to hear about the results.

Thanks,

Jon Beaton
jon () ocol com
jbx @ Undernet
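
Added example, not part of the original post and not iChat's code: a sketch of the check an HTTP file handler needs so that a request like the one above cannot leave the document root, shown beside the flawed mapping. DOC_ROOT and both function names are assumptions made for illustration.

```python
import os
from urllib.parse import unquote, urlsplit

DOC_ROOT = "/srv/rooms/htdocs"  # assumed document root, not taken from the post


def naive_resolve(url_path, root=DOC_ROOT):
    """Flawed mapping: appends the request path to the root with no check."""
    return os.path.normpath(root + url_path)


def safe_resolve(url_path, root=DOC_ROOT):
    """Return the filesystem path under root, or None if the request escapes it."""
    # Decode first, so %2e%2e is judged the same way as a literal "..".
    path = unquote(urlsplit(url_path).path)
    if "\x00" in path:
        return None
    root_real = os.path.realpath(root)
    # realpath collapses ".." and follows symlinks that exist on disk, so the
    # comparison is made on the location the server would actually open.
    candidate = os.path.realpath(os.path.join(root_real, path.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None  # outside the document root: answer 403/404, do not open
    return candidate


if __name__ == "__main__":
    # Constructed request paths; the first is the one quoted in the post.
    for req in ("/../../../etc/passwd",
                "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
                "/index.html"):
        print(req, "| naive:", naive_resolve(req), "| safe:", safe_resolve(req))
```

Running the server as 'nobody' limits what a traversal can read but does not stop it; the containment check has to happen before the file is opened.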


