Lyris ListManager TCLHTTPd %00 TML Source Disclosure

2005-12-08T00:00:00
ID OSVDB:21551
Type osvdb
Reporter H D Moore (fdlist@digitaloffense.net)
Modified 2005-12-08T00:00:00

Description

Vulnerability Description

Lyris ListManager contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker requests a TML script with a NULL byte (%00) in the request. Such a request causes the TCLHTTPd service to disclose the source of the TML script rather than processing it normally.

Solution Description

Upgrade to version 8.9b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
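
To check whether such requests have already reached a server, the access logs can be searched for TML requests whose path decodes to contain a NULL byte. The following is an added example, not part of the original advisory or of any vendor tooling; it assumes Common Log Format, ignores the query string, and the sample lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample lines in Common Log Format (assumed format; paths and
# %00 positions are made up for illustration, not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Dec/2005:10:00:01 +0000] "GET /example/page.tml HTTP/1.0" 200 5120',
    '192.0.2.44 - - [08/Dec/2005:10:00:07 +0000] "GET /example/page.tml%00 HTTP/1.0" 200 9875',
    '192.0.2.44 - - [08/Dec/2005:10:00:09 +0000] "GET /example/page.TML%2500 HTTP/1.0" 200 9875',
    '192.0.2.51 - - [08/Dec/2005:10:00:11 +0000] "GET /example/%00page%2Etml HTTP/1.0" 404 0',
    '192.0.2.77 - - [08/Dec/2005:10:00:12 +0000] "GET /img/logo.gif?x=%00 HTTP/1.0" 200 310',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def decode_path(raw, max_passes=3):
    """Percent-decode repeatedly so double-encoded bytes (%2500) are exposed."""
    data = raw.encode("latin-1", "replace")
    for _ in range(max_passes):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    return data

def find_nul_tml_requests(lines):
    """Return (line_no, raw_target, status) for .tml requests whose path holds a NUL."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line in the assumed format
        path = match.group("target").split("?", 1)[0]  # query string is ignored
        decoded = decode_path(path)
        if b"\x00" in decoded and b".tml" in decoded.lower():
            hits.append((line_no, match.group("target"), int(match.group("status"))))
    return hits

if __name__ == "__main__":
    for line_no, target, status in find_nul_tml_requests(SAMPLE_LOG):
        print(f"line {line_no}: status {status} target {target!r}")
```

A hit with a 200 status and a response size that differs from normal renders of the same script is worth reviewing first, since it may indicate that source was returned.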

References:

Vendor URL: http://www.lyris.com/products/
Secunia Advisory ID: 17943
Related OSVDB ID: 21573
Other Advisory URL: http://metasploit.com/research/vulns/lyris_listmanager/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
FrSIRT Advisory: ADV-2005-2820
CVE-2005-4147
Bugtraq ID: 15788