HomeSeer Directory Traversal Vulnerability

[SNS Research <vuln-dev () greyhack com>]

Strumpf Noir Society Advisories
! Public release !
<--#


-= HomeSeer Directory Traversal Vulnerability =-

Release date: Thursday, December 7, 2000


Introduction:

HomeSeer is home automation software for Windows 2000, Windows NT,
Windows 98, and Windows 95 that uses inexpensive X10 technology to
control your lights, appliances, and audio/video equipment. A webserver
is build in, allowing you to even remote control your appliances over
the Internet.

HomeSeer can be found at vendor Keware's website,
http://www.keware.com


Problem:

Adding the string "../" to an URL allows an attacker to files outside
of the webserver's publishing directory. This allows read access to any
file on the server. Example: http://localhost:80/../../../autoexec.bat
reads the file "autoexec.bat" from the partition's root dir.


(..)


Solution:

Vendor has been notified and has acknowledged this problem. It has been
fixed in the 1.4.29 (beta-)version of the HomeSeer software which is
availble from http://www.keware.com/kewarebeta.htm and will be included
in the future 1.5 release.

This was tested against HomeSeer 1.4. Older versions can be expected to
vulnerable, users are encouraged to upgrade.


yadayadayada

SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.

EOF, but Strumpf Noir Society will return!