Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)

["Tamer Sahin" <ts () securityoffice net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There two ways to solve this problem in Eserv:

1) Add "./" string to the AccessRights in Eserv with zero rights.

2) Install Eserv.exe update, it will block "./" access.
ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3119.zip

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0 Fingerprint:
B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA+AwUBPD73F7uLpFMrXtywEQLC0ACfTSznBfaxCPmp74yizQFlyXBgWZoAmJqu
KTLbiTNEI8R1kueD661l3Ic=
=1Lia
-----END PGP SIGNATURE-----