Bugtraq mailing list archives

DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion


From: ddivulnalert () ddifrontline com
Date: Wed, 6 Mar 2013 20:58:02 GMT

Title
-----
DDIVRT-2013-51 DALIM Dialog Server 'logfile' Local File Inclusion

Severity
--------
High

Date Discovered
---------------
February 14, 2013

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: 0x00string, Ryan Oliver and r@b13$

Vulnerability Description
-------------------------
The DALIM Dialog Server contains a local file inclusion vulnerability within the 'logfile' file viewing component. An 
authenticated remote attacker can use this weakness to view arbitrary files from the DALIM Dialog Server's root file 
system.

Solution Description
--------------------
DALIM has provided a software update which addresses this issue in the form of DiALOG_Server-6.0.0.0-113. The update is 
available from DALIM.

Tested Systems / Software
-------------------------
Apple Mac OS X running DALIM Dialog server 6.0

Vendor Contact
--------------
Vendor Name: Dalim Software GmbH
Vendor Website: http://www.dalim.com/
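
Added example, not part of the advisory or of DALIM's code: a sketch of the containment check that keeps a log viewer from reading files outside its log directory when it is handed a client-supplied 'logfile' value. The function name, directory layout and sample names are assumptions made for illustration; the advisory does not describe the product's request format or implementation.

```python
import os
import tempfile
from pathlib import Path


class LogPathError(ValueError):
    """Raised when a requested log name resolves outside the log directory."""


def resolve_log_path(log_root, requested):
    """Map a client-supplied 'logfile' value to a regular file inside log_root.

    log_root and the function name are hypothetical; the advisory does not
    describe how the product resolves the value.
    """
    if not requested or "\x00" in requested:
        raise LogPathError("empty or malformed name")
    root = Path(log_root).resolve(strict=True)
    # resolve() collapses '..' and follows symlinks, so the containment check
    # below sees the file that would really be opened.
    candidate = (root / requested).resolve(strict=False)
    if root not in candidate.parents:
        raise LogPathError("path escapes log directory")
    if not candidate.is_file():
        raise LogPathError("not a regular log file")
    return candidate


def demo():
    """Run constructed inputs against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp) / "logs"
        logs.mkdir()
        (logs / "server.log").write_text("constructed sample line\n")
        (Path(tmp) / "secret.txt").write_text("outside the log directory\n")
        os.symlink(Path(tmp) / "secret.txt", logs / "link.log")
        for name in ("server.log", "../secret.txt", "/etc/passwd", "link.log", "sub/../server.log"):
            try:
                resolve_log_path(logs, name)
                results[name] = "served"
            except LogPathError as exc:
                results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r:22} {outcome}")
```

The check runs on the fully resolved path, so relative traversal, absolute paths and symlinks that point out of the log directory are all rejected by the same comparison.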

