Sun StarOffice 5.1 - Arbitrary File Read Vulnerability

2000-03-09T00:00:00
ID EDB-ID:19797
Type exploitdb
Reporter Vanja Hrustic
Modified 2000-03-09T00:00:00

Description

Sun StarOffice 5.1 Arbitrary File Read Vulnerability. CVE-2000-0174. Remote exploit for unix platform

                                        
source: http://www.securityfocus.com/bid/1040/info

StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request for a document is sent to the webserver, the StarScheduler httpd follows "../" path segments if they are provided. Because the server runs as root, an attacker who exploits this can view any file on the target system, including files such as /etc/shadow.

http://starscheduler_server:801/../../../../etc/shadow
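The path check whose absence the description above implies, shown next to the behaviour the advisory reports. This is an added example, not StarScheduler code and not part of the original advisory; `DOC_ROOT`, `naive_resolve` and `safe_resolve` are hypothetical names, and the document root path is an assumption.

```python
import os
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed document root; the advisory does not say where the httpd serves from.
DOC_ROOT = "/srv/starscheduler/htdocs"


def naive_resolve(url_path, root=DOC_ROOT):
    """Behaviour the advisory describes: "../" segments are simply followed."""
    return posixpath.normpath(root + "/" + url_path)


def safe_resolve(request, root=DOC_ROOT):
    """Return the file path to serve, or None if the request leaves the root."""
    # Accept either a bare path or a full URL; decode %2e%2e%2f before checking.
    decoded = unquote(urlsplit(request).path)
    if "\x00" in decoded:
        return None
    # Resolve ".." segments and symlinks, then compare whole path components
    # so that a sibling such as ".../htdocs2" does not pass as ".../htdocs".
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests; the first is the URL shown in the advisory.
    for req in ("http://starscheduler_server:801/../../../../etc/shadow",
                "/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/shadow",
                "/calendar/index.html"):
        print(f"{req!r:60} -> {safe_resolve(req)}")
```

The check limits which files can be named; running the httpd as an unprivileged user instead of root limits what a missed case can read.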