Bugtraq mailing list archives

MetaProducts Offline Explorer Directory Traversal Vulnerability


From: SMedina () IDEFENSE COM (Servio Medina)
Date: Mon, 22 May 2000 17:13:03 -0400


Received word from MetaProducts regarding the recently posted vulnerability
in MetaProducts Offline Explorer (Bugtraq ID 1231).
According to the vendor:

[begin vendor]

The download directory is accessible via the internal Web server. It is the
only accessible area.  However, in versions 1.0 - 1.2 if a URL
http://127.0.0.1:800/./../../ is entered, it is possible to get to a
directory outside the download directory.  This problem was fixed in OE 1.3
Beta 1 version, and therefore in all later versions as well.  You can no
longer access any areas outside the download directory.

The best workaround, of course, would be to download our latest version.
(v1.3 or greater.)

Best regards,

| Robert J. Atwell Jr.
| MetaProducts Corporation
| Robert.Atwell () metaproducts com
| www.metaproducts.com
        
[end vendor]

Cheers,
Servio F. Medina

---
Information Security Analyst
www.idefense.com
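
The containment check whose absence the vendor describes, as an added Python example that is not part of the original post and is not MetaProducts' code. `DOWNLOAD_ROOT` and `resolve_under_root` are hypothetical names, and every request URL other than the one quoted in the post is constructed.

```python
import os
from urllib.parse import unquote, urlsplit

# Hypothetical download root; the post does not give the product's real path.
DOWNLOAD_ROOT = "/srv/offline-explorer/download"


def resolve_under_root(url, root=DOWNLOAD_ROOT):
    """Map a request URL to a path under root; return None if it escapes."""
    # Decode percent-escapes first so %2e%2e is treated like "..", and fold
    # backslashes into slashes because Windows accepts both as separators.
    path = unquote(urlsplit(url).path).replace("\\", "/")
    if "\x00" in path:
        return None
    root_real = os.path.realpath(root)
    # Join as a relative path, then collapse "." and ".." (and any symlinks).
    candidate = os.path.realpath(os.path.join(root_real, path.lstrip("/")))
    # Compare whole path components: a plain startswith() would accept the
    # sibling directory ".../download-evil".
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


# Constructed requests, except the first, which is the URL quoted in the post.
SAMPLE_REQUESTS = [
    "http://127.0.0.1:800/./../../",
    "http://127.0.0.1:800/%2e%2e/%2e%2e/",
    "http://127.0.0.1:800/..\\..\\",
    "http://127.0.0.1:800/../download-evil/page.htm",
    "http://127.0.0.1:800/site/index.htm",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        result = resolve_under_root(request)
        print(f"{request!r:55} -> {result or 'rejected'}")
```
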


