Boa Webserver 0.94.2.x File Disclosure Vulnerability
BID:1770
Info
Boa Webserver 0.94.2.x File Disclosure Vulnerability
| Bugtraq ID: | 1770 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Oct 10 2000 12:00AM |
| Updated: | Oct 10 2000 12:00AM |
| Credit: | This vulnerability was originally reported to bugtraq by Lluis Mora < [email protected] > on Fri Oct 06 2000. |
| Vulnerable: |
Boa Webserver 0.94.8 .2 |
| Not Vulnerable: |
Mandriva Linux Mandrake 7.1 Mandriva Linux Mandrake 7.0 Mandriva Linux Mandrake 6.1 Mandriva Linux Mandrake 6.0 Boa Webserver 0.94.8 .3-1 |
Discussion
Boa Webserver 0.94.2.x File Disclosure Vulnerability
A local vulnerability exists in versions 0.94.8.3 and earlier of Boa Webserver. Improper filtering of percent-encoded characters ("/%2E%2E/") allows an attacker to submit specially-formed URLs which can lead the server to disclose arbitrary world-readable files.
Also, if the configuration file /etc/boa/boa.conf contains the following entry:
AddType application/x-httpd-cgi-cgi
a user with local access and able to create an executable ".cgi" file will be able to run that program as the user id of the webserver.
The entry is, by default, commented out.
A local vulnerability exists in versions 0.94.8.3 and earlier of Boa Webserver. Improper filtering of percent-encoded characters ("/%2E%2E/") allows an attacker to submit specially-formed URLs which can lead the server to disclose arbitrary world-readable files.
Also, if the configuration file /etc/boa/boa.conf contains the following entry:
AddType application/x-httpd-cgi-cgi
a user with local access and able to create an executable ".cgi" file will be able to run that program as the user id of the webserver.
The entry is, by default, commented out.
Exploit / POC
Boa Webserver 0.94.2.x File Disclosure Vulnerability
Exploit written by teleh0r based on an advisory by Lluis Mora / [email protected] / S21SEC (http://www.s21sec.com/en/avisos/s21sec-005-en.txt)
Exploit written by teleh0r based on an advisory by Lluis Mora / [email protected] / S21SEC (http://www.s21sec.com/en/avisos/s21sec-005-en.txt)
Solution / Fix
Boa Webserver 0.94.2.x File Disclosure Vulnerability
Solution:
Boa development team have released v.0.94.8.3.
Solution:
Boa development team have released v.0.94.8.3.
References
Boa Webserver 0.94.2.x File Disclosure Vulnerability
References:
References: