Bugtraq mailing list archives
Re: bug in iChat 3.0 (maybe others)
From: renzo () VERONICA NL (Renzo Toma)
Date: Thu, 10 Sep 1998 09:56:43 +0200
the host:4080/../../../etc/passwd bug has been fixed in 3.03 (checked for the solaris 2.5 version) Cheers, -Renzo [original post below]
The iChat (http://www.ichat.com/) ROOMS server runs as 'nobody', and on port 4080 as default. From what I've noticed, it just uses http, and has a bug which lets following /../../../ be ran on the URL using any web browser. For example, something like: http://chat.server.com:4080/../../../etc/passwd will display the passwd file. With this you can view any file on the system that 'nobody' has access to. I was only able to test this on version 3.0 of the software, and running on Solaris. I contacted the company about this, all they said was that if you're using 3.0, you should upgrade to 3.03 as soon as possible. I don't even know if this particular bug is fixed in that version. If you can try this on other versions and OS's, I'd like to hear about the results.
Current thread:
- bug in iChat 3.0 (maybe others) Jon Beaton (Sep 09)
- Re: bug in iChat 3.0 (maybe others) Renzo Toma (Sep 10)
- Re: bug in iChat 3.0 (maybe others) Steve Kann (Sep 10)