Netquery nq_log.txt User Activity Remote Disclosure

2005-07-25T10:23:29
ID OSVDB:18277
Type osvdb
Reporter rgod (retrogod@aliceposta.it)
Modified 2005-07-25T10:23:29

Description

Vulnerability Description

Netquery contains a flaw that may lead to unauthorized information disclosure. The nq_log.txt file is publicly accessible, which discloses user activity information and results in a loss of confidentiality.

Solution Description

Upgrade to version 3.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[path]/logs/nq_log.txt

References:

Vendor URL: http://www.virtech.org/tools/
Vendor Specific Advisory URL
Secunia Advisory ID: 16216
Related OSVDB IDs: 18281, 18283, 18276, 18279, 18280, 18284, 18278, 18282
Other Advisory URL: http://www.rgod.altervista.org/netquery.html