oss-sec mailing list archives

Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability

From: George Theall <gtheall () tenable com>
Date: Wed, 22 May 2013 13:38:32 +0000


On May 22, 2013, at 9:29 AM, Vitezslav Cizek <civ () blema cz>
 wrote:

* Dne Středa 22. květen 2013, 13:44:09 [CEST] Oden Eriksson napsal:

onsdagen den 22 maj 2013 13.06.18 skrev  Matthias Weckbecker:

Hi,

has anybody possibly already confirmed this? It might also be worth
to assign a CVE to this if it turns out to be a reproducible issue.


Confirmed here. Needed to use "lynx -dump ...".

Are you sure?
I fail to reproducet the problem.


This seems like a configuration issue rather than a vulnerability. The code in libhttpd.c seems to filter directory 
traversal sequences. And I was able to reproduce this only if thttpd was serving files out of the system root directory 
(e.g., "thttpd -d /"), in which case the directory traversal sequences are irrelevant.


George
-- 
theall () tenable com

Current thread:

Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
  - Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Vitezslav Cizek (May 22)
    - Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability George Theall (May 22)
    - Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability The Doctor (May 22)
  - Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Matthias Weckbecker (May 22)
    - Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Zate (May 22)
    - Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Oden Eriksson (May 22)
- Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability Tavis Ormandy (May 22)