Renegade BBS Archive Menu Arbitrary File Access

1994-01-01T00:00:00
ID OSVDB:14734
Type osvdb
Reporter OSVDB
Modified 1994-01-01T00:00:00

Description

Vulnerability Description

Renegade BBS contains a flaw that may allow an unprivileged user to gain access to arbitrary files on the system. The issue is due to the Archive Menu accepting files from users without sanitizing input. A user that uploads a file with pointers to arbitrary files will be processed by Archive Menu interface and can be tricked into including the files in a temporary Zip file. Temporary files are available to the user which will potentially disclose system information.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Restrict user access to the Archive Menu

Short Description

Renegade BBS contains a flaw that may allow an unprivileged user to gain access to arbitrary files on the system. The issue is due to the Archive Menu accepting files from users without sanitizing input. A user that uploads a file with pointers to arbitrary files will be processed by Archive Menu interface and can be tricked into including the files in a temporary Zip file. Temporary files are available to the user which will potentially disclose system information.

References:

Other Advisory URL: http://www.osvdb.org/ref/14/14734-renegade_archive.txt Generic Informational URL: http://software.bbsdocumentary.com/IBM/DOS/RENEGADE/