Bugtraq mailing list archives
Infosec.20000207.axis700.a
From: ian.vitek () INFOSEC SE (Vitek, Ian)
Date: Mon, 7 Feb 2000 14:01:40 +0100
Infosec Security Vulnerability Report No: Infosec.20000207.axis700.a ===================================== Vulnerability Summary --------------------- Problem: Bypassing authentication on Axis 700 Network Scanner; By modifying an URL, outsiders can access administrator URLs without entering username and password. Threat: Unauthorized access. Platform: Axis 700 Network Scanner Server (Software Version 1.12) Solution: Non? Se below. Vulnerability Description ------------------------- User pages are located under http://server/user/. The URL to the configuration page is: http://server/admin/this_axis700/this_axis700.shtml This page is password protected. The actual configuration takes place on the pages linked from this page. By changing the URL to: http://server/user/../admin/this_axis700/this_axis700.shtml gives an outsider access to the configuration page without entering username and password. The server seems to check access permissions before URL conversion. The server also decodes %1u to %2e (not a vulnerability). Solution -------- <<Quote_from_Axis_Support Hi,, You will find the latest version on http://www.axis.se/techsup Best Regards XXXXXX XXXXXXX Quote_from_Axis_Support Nothing says that version 1.14 will fix this vulnerability. Other information ----------------- Infosec recommends everyone to try to access their authorized pages with URLs as: http://server/NonPrivPage/../PrivPage/ Infosec thanks weld at l0pht for the inspiration (http://www.l0pht.com/advisories/showcode.txt) //Ian Vitek ian.vitek () infosec se ------------------------------- Infosec is a Swedish based tigerteam that have worked with computer-related security since 1982 and done penetration tests and technical revisions since 1996. Infosec is now searching for co-workers. Call Blume on +46-8-6621070 for more information.
Current thread:
- Re: Tempfile vulnerabilities, (continued)
- Re: Tempfile vulnerabilities Grant Taylor (Jan 31)
- Re: Tempfile vulnerabilities Theo de Raadt (Feb 01)
- Microsoft Security Bulletin (MS00-007) Aleph One (Feb 01)
- Re: Tempfile vulnerabilities Werner Koch (Feb 02)
- Re: Tempfile vulnerabilities Theo de Raadt (Feb 02)
- Evil Cookies. Iain Wade (Feb 02)
- UPDATE: Sygate 3.11 Port 7323 Telnet Hole jalerta () nestworks com (Feb 03)
- Re: Evil Cookies. Joachim Feise (Feb 03)
- Re: Evil Cookies. Jon Paul, Nollmann (Feb 05)
- Reminder: BOF on Distributed DoS, San Jose 2/7/00 David Kennedy CISSP (Feb 06)
- Infosec.20000207.axis700.a Vitek, Ian (Feb 07)
- Re: Evil Cookies. Thomas Reinke (Feb 04)
- Re: Evil Cookies. Dylan Griffiths (Feb 07)
- 'cross site scripting' CERT advisory and MS Eric Lecht (Feb 08)
- Re: 'cross site scripting' CERT advisory and MS Dustin Miller (Feb 09)
- Re: 'cross site scripting' CERT advisory and MS David LeBlanc (Feb 10)
- Re: 'cross site scripting' CERT advisory and MS Marc Slemko (Feb 11)
- Re: 'cross site scripting' CERT advisory and MS Rishi Lee Khan (Feb 14)
- Packet Tracing (linux klog patch) Dragos Ruiu (Feb 12)
- Re: Packet Tracing (linux klog patch) Andrzej Bialecki (Feb 15)
- Re: Packet Tracing (linux klog patch) Dragos Ruiu (Feb 17)
- Re: Tempfile vulnerabilities Grant Taylor (Jan 31)