TAC Vista ISALogin.dll Template Variable Traversal Arbitrary File Access

2005-09-16T11:11:23
ID OSVDB:19479
Type osvdb
Reporter Dennis Rand(advisory@cirt.dk)
Modified 2005-09-16T11:11:23

Description

Vulnerability Description

TRAC Vista Webstation contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the ISALogin.dll program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the Template variable.

Solution Description

Upgrade to version 4.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

TRAC Vista Webstation contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the ISALogin.dll program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the Template variable.

Manual Testing Notes

/vistawebstation/scriptsLogin/ISALogin.dll?ShowLogin?Url=/&Template=../../../../../../../../../boot.ini

References:

Security Tracker: 1014923 Secunia Advisory ID:16854 Other Advisory URL: http://cirt.dk/advisories/cirt-37-advisory.pdf Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0469.html CVE-2005-3040