Novell NetWare slash-encoding directory traversal vulnerability

Published: 2002-08-28
Updated: 2002-08-28
Severity: High
Threat: Remote unauthorized file access
Error type: Input validation error
Exploitation mode: Server mode
BUGTRAQ ID: 5522

Affected systems
Novell Netware 5.1 SP4

Detailed description
Some Novell NetWare installations are vulnerable: when Perl is used as the web server's interpreter, certain HTTP requests are handled incorrectly.
According to the report, '\' is mishandled when it is given in Unicode-encoded form, such as '%5c', which can lead to directory traversal and allow arbitrary files on the system to be viewed. No detailed description of the attack is available.

Test code
None

Solution
Patch download:

Novell Netware 5.1 SP4:
Novell Upgrade perl5002.exe
http://support.novell.com/servlet/filedownload/ftf/perl5002.exe/
Free registration is required.

Novell Netware 5.1:
Novell Upgrade perl5002.exe
http://support.novell.com/servlet/filedownload/ftf/perl5002.exe/
Free registration is required.

Novell Netware 6.0 SP1:
Novell Upgrade perl5002.exe
http://support.novell.com/servlet/filedownload/ftf/perl5002.exe/
Free registration is required.

Novell Netware 6.0:
Novell Upgrade perl5002.exe
http://support.novell.com/servlet/filedownload/ftf/perl5002.exe/
Free registration is required.

Related information
Rain Forrest Puppy <rfp@wiretrip.net>.

References:
http://online.securityfocus.com/advisories/4410
http://support.novell.com/security-alerts/
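
The input validation error described above, as an added example (not code from the advisory or from Novell): a Python sketch contrasting a check that inspects the raw request with one that decodes '%5c' first and treats '\' as a path separator before confining the result to the web root. The web root `/srv/www`, the function names and the sample request paths are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/www"  # assumed web root (hypothetical)


def naive_is_safe(raw_path: str) -> bool:
    """Flawed check: looks at the raw request and only knows '/'."""
    return "../" not in raw_path


def resolve_safely(raw_path: str, docroot: str = DOCROOT):
    """Return the normalized path under docroot, or None if rejected."""
    decoded = unquote(raw_path)  # decode first, so '%5c' becomes '\'
    # A second decode that still changes the string means double encoding.
    if unquote(decoded) != decoded or "\x00" in decoded:
        return None
    # Treat '\' exactly like '/', as a backslash-aware filesystem would.
    unified = decoded.replace("\\", "/")
    candidate = posixpath.normpath(
        posixpath.join(docroot, unified.lstrip("/"))
    )
    # Confinement check is done on the fully normalized path.
    if candidate != docroot and not candidate.startswith(docroot + "/"):
        return None
    return candidate


# Constructed sample request paths.
SAMPLES = [
    "/index.html",
    "/scripts/..%5c..%5csecret.txt",
    "/scripts/..%5cindex.html",
    "/..%255c..%255csecret.txt",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r}: naive={naive_is_safe(path)} "
              f"resolved={resolve_safely(path)}")
```

The naive check accepts the second sample because the separator never appears as a literal '/', while the hardened check rejects it after decoding and normalization.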