Re: bug in iChat 3.0 (maybe others)

[renzo () VERONICA NL (Renzo Toma)]

the host:4080/../../../etc/passwd bug has been fixed in 3.03 (checked for
the solaris 2.5 version)

Cheers,

-Renzo

[original post below]
> The iChat (http://www.ichat.com/) ROOMS server runs as 'nobody', and on
> port 4080 as default. From what I've noticed, it just uses http, and has
> a bug which lets following /../../../ be ran on the URL using any web
> browser.  For example, something like:
>
> http://chat.server.com:4080/../../../etc/passwd
>
> will display the passwd file. With this you can view any file on the
> system that 'nobody' has access to. I was only able to test this on
> version 3.0 of the software, and running on Solaris. I contacted the
> company about this, all they said was that if you're using 3.0, you
> should upgrade to 3.03 as soon as possible.  I don't even know if this
> particular bug is fixed in that version. If you can try this on other
> versions and OS's, I'd like to hear about the results.