StarOffice StarScheduler Arbitrary File Read Vulnerability
BID:1040
Info
StarOffice StarScheduler Arbitrary File Read Vulnerability
| Bugtraq ID: | 1040 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 09 2000 12:00AM |
| Updated: | Mar 09 2000 12:00AM |
| Credit: | First posted to BugTraq by Vanja Hrustic <[email protected]> on March 9, 2000. |
| Vulnerable: |
Sun StarOffice 5.1 |
| Not Vulnerable: | |
Discussion
StarOffice StarScheduler Arbitrary File Read Vulnerability
StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request it sent to a webserver for a document, the StarScheduler httpd will follow "../" paths if provided. As a result, exploiting this allows an attacker to view any file on the target system (the server runs as root..), including files such as /etc/shadow.
StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request it sent to a webserver for a document, the StarScheduler httpd will follow "../" paths if provided. As a result, exploiting this allows an attacker to view any file on the target system (the server runs as root..), including files such as /etc/shadow.
Exploit / POC
StarOffice StarScheduler Arbitrary File Read Vulnerability
http://starscheduler_server:801/../../../../etc/shadow
http://starscheduler_server:801/../../../../etc/shadow
Solution / Fix
StarOffice StarScheduler Arbitrary File Read Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
StarOffice StarScheduler Arbitrary File Read Vulnerability
References:
References: