=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


    Date: Пт, 05 ноя 1999  03:18:25

   От: Ussr Labs <labs@USSRBACK.COM>

 Кому: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

 Тема: Eserv 2.50 Web interface Server Directory Traversal Vulnerability

--------------------------------------------------------------------------------




Eserv 2.50 Web interface Server Directory Traversal Vulnerability



Product:



Eserv/2.50 is the complete solution to access Internet from LAN:



- Mail Server (SMTP and POP3, with ability to share one mailbox

  on the ISP, aliases and mail routing support)

- News Server (NNTP)

- Web Server (with CGI, virtual hosts, virtual directory support,

  web-interface for all servers in the package)

- FTP Server (with virtual directory support)

- Proxy Servers

  * FTP proxy and HTTP caching proxy

  * FTP gate

  * HTTPS proxy

  * Socks5, Socks4 and 4a proxy

  * TCP and UDP port mapping

  * DNS proxy

- Finger Server

- Built-in scheduler and dialer (dial on demand,

  dialer server for extern agents, scheduler for any tasks)



PROBLEM



UssrLabs found a Eserv Web Server Directory Traversal Vulnerability

Using the string '../' in a URL, an attacker can gain read access to

any file outside of the intended web-published filesystem directory



There is not much to expand on this one....



Example:



http://127.1:3128/../../../conf/Eserv.ini   to show all configuration file

including

account names





Vendor Status:

no contacted



Vendor   Url: http://www.eserv.ru/

Program Url: http://www.eserv.ru/eserv/



Credit: USSRLABS



SOLUTION



    Nothing yet.