Bugtraq mailing list archives
Re: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole)
From: "Michael H. Warfield" <mhw () WITTSEND COM>
Date: Tue, 8 Aug 2000 12:15:05 -0400
On Tue, Aug 08, 2000 at 10:42:37PM +0900, TAKAGI, Hiromitsu wrote: [...]
Problem Description ------------------- Brumleve's demonstration page politely asks users to specify a directory on their computer for public access. However, by specifying "\.." in HTTP requests to the server, an attacker can navigate the server's file system and view/download any files. For example, http://your-ip-address:8080/C:/temp/\../ or http://your-ip-address:8080/C:/temp/%5C../ (for Internet Explorer as a client) will display the contents of the root directory of C: drive of the server's computer.
Affected versions and platforms ------------------------------- This bug has been verified to be present on the BOHTTPD 0.1 in Netscape Navigator 4.72 for Windows.
This does not appear to be effective against Netscape Communicator 4.74 on Linux. I get permission denied for any plain ".." in the path anywhere and anything with "\.." or "%5c.." gets a Java runtime error complaining that the directory "\.." was not found.
Workaround ---------- Do not use BOHTTPD. :-)
:-) Mike -- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Current thread:
- Dangerous Java/Netscape Security Hole Dan Brumleve (Aug 07)
- Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) TAKAGI, Hiromitsu (Aug 08)
- Re: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) Michael H. Warfield (Aug 09)
- <Possible follow-ups>
- Re: Dangerous Java/Netscape Security Hole tkuiper (Aug 07)
- Re: Dangerous Java/Netscape Security Hole Michael H. Warfield (Aug 07)
- Re: Dangerous Java/Netscape Security Hole Art Savelev (Aug 08)
- Re: Dangerous Java/Netscape Security Hole Andrew L . Davis (Aug 08)
- Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) TAKAGI, Hiromitsu (Aug 08)