Bugtraq mailing list archives
Roxen security alert: Problems with URLs containing null characters.
From: peter () IDONEX SE (Peter Bortas)
Date: Sat, 22 Jul 2000 03:53:34 +0200
Roxen 2.0 up to version 2.0.68 has a vulnerability where using URLs containing null characters can gain the browser access to information he is not authorized to: * Directory listings in directories with index files * In normal filesystems: the sourcecode for RXML files, Pike scripts, CGIs etc. * information protected by .htaccess files might be revealed under special circumstances Systems Affected All Roxen 2.0 releases before 2.0.69. We have been unable to reproduce the problem with Roxen 1.3, but this is not fully analyzed yet, so it is suggested that a patch is applied as a precaution. Roxen SiteBuilder is ONLY affected by the directory listing vulnerability. Solution An update package labeled 'Fix for "%00" vulnerability' is available from the Roxen 2.0 update server. Use the administration interface to download and install this fix. Note that the server needs to be restarted when the fix is installed. A patch for Roxen 1.3.122 (the latest 1.3 release) is a available as ftp://ftp.roxen.com/pub/roxen/patches/roxen_1.3.122-http.pike.patch and should be applied to server/protocols/http.pike. The Roxen 2.0 upgrade package is also available as a patch if the update server can not be used for some reason: ftp://ftp.roxen.com/pub/roxen/patches/roxen_2.0.50-http.pike.patch Credits Problem originally reported by <zorgon () sdf lonestar org> Further comments on the problem by Elias Levy <aleph1 () underground org> -- Peter Bortas http://peter.bortas.org Roxen IS http://www.roxen.com
Current thread:
- Biometrics conference, (continued)
- Biometrics conference Farrow, Rik (Jul 17)
- Re: CheckPoint FW1 BUG Brian Krahmer (Jul 17)
- Re: CheckPoint FW1 BUG Nicolas FISCHBACH (Jul 18)
- [Paper] Format bugs. Pascal Bouchareine (Jul 18)
- (New ?) Macro security hole in Word 97 Bongard, Dominique (Jul 21)
- Re: (New ?) Macro security hole in Word 97 Bronek Kozicki (Jul 22)
- Jakarta-tomcat.../admin Scott Morris (Jul 21)
- StackGuard with ... Re: [Paper] Format bugs. Alan DeKok (Jul 21)
- [RHSA-2000:044-02] Updated PAM packages are available. bugzilla () REDHAT COM (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Theo de Raadt (Jul 21)
- Roxen security alert: Problems with URLs containing null characters. Peter Bortas (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Brett Glass (Jul 21)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Brett Glass (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. mixter (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Linus Akesson (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Dan Harkless (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Valentin Nechayev (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Greg A. Woods (Jul 24)
- Re: StackGuard with ... Re: [Paper] Format bugs. Dick St.Peters (Jul 25)
- Re: StackGuard with ... Re: [Paper] Format bugs. Hannah Schröter (Jul 24)