AVM KEN! 1.3.10 Directory Traversal Vulnerability
BID:1103
Info
AVM KEN! 1.3.10 Directory Traversal Vulnerability
| Bugtraq ID: | 1103 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 12 2000 12:00AM |
| Updated: | Apr 12 2000 12:00AM |
| Credit: | Discovered by eAX <[email protected]> and reported to Security Focus on April 12, 2000. |
| Vulnerable: |
AVM KEN! 1.4.30 AVM KEN! 1.3.10 |
| Not Vulnerable: |
AVM KEN! 1.4.32 |
Discussion
AVM KEN! 1.3.10 Directory Traversal Vulnerability
A remote user on the local network is capable of retrieving any known file from a machine running AVM KEN!. This is accomplished by appending ../ to a URL utilizing port 3128 to escape the regular web file structure, and appending the remaining path onto the request.
eg.
http://target:3128/../../../filename.ext
A denial of service attack could also be launched against AVM KEN! by sending random characters to port 3128. A restart would be required in order to regain normal functionality.
A remote user on the local network is capable of retrieving any known file from a machine running AVM KEN!. This is accomplished by appending ../ to a URL utilizing port 3128 to escape the regular web file structure, and appending the remaining path onto the request.
eg.
http://target:3128/../../../filename.ext
A denial of service attack could also be launched against AVM KEN! by sending random characters to port 3128. A restart would be required in order to regain normal functionality.
Exploit / POC
AVM KEN! 1.3.10 Directory Traversal Vulnerability
For the directory traversal issue, see discussion.
eAX <[email protected]> has released the following exploit for the denial of service issue:
For the directory traversal issue, see discussion.
eAX <[email protected]> has released the following exploit for the denial of service issue:
Solution / Fix
AVM KEN! 1.3.10 Directory Traversal Vulnerability
Solution:
AVM has released version 1.04.32 which does not have this vulnerability. Contact AVM for download instructions.
Solution:
AVM has released version 1.04.32 which does not have this vulnerability. Contact AVM for download instructions.