Lyris ListManager Error Message Information Disclosure

2005-12-08T00:00:00
ID OSVDB:21552
Type osvdb
Reporter H D Moore (fdlist@digitaloffense.net)
Modified 2005-12-08T00:00:00

Description

Vulnerability Description

Lyris ListManager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests a nonexistent page. The resulting error page contains diagnostic information in the hidden 'env' variable, which discloses the software version, installation path, SQL queries and more, resulting in a loss of confidentiality.
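
For operators reviewing their own error pages for this class of leak, the following added example (not part of the original advisory and not Lyris code) parses a saved response and reports hidden form fields whose values carry version strings, installation paths or SQL. It assumes the 'env' variable is delivered as a hidden form input; the sample page, its field values and the regular expressions are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Categories the advisory lists: version, installation path, SQL queries.
LEAK_PATTERNS = {
    "install_path": re.compile(r"(?:[A-Za-z]:\\|/(?:usr|opt|home|var)/)[^\s;]+"),
    "sql_query": re.compile(r"\b(?:select\s.+?\sfrom|insert\s+into|delete\s+from)\b", re.I | re.S),
    "version": re.compile(r"\bversion\b\W{0,3}\d+(?:\.\d+)+", re.I),
}


class HiddenFieldCollector(HTMLParser):
    """Collect (name, value) for every <input type="hidden"> on a page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.fields = []

    def handle_starttag(self, tag, attrs):
        attr = {k.lower(): (v or "") for k, v in attrs}
        if tag == "input" and attr.get("type", "").lower() == "hidden":
            self.fields.append((attr.get("name", ""), attr.get("value", "")))


def audit_error_page(html):
    """Return {hidden field name: sorted leak categories found in its value}."""
    collector = HiddenFieldCollector()
    collector.feed(html)
    collector.close()
    findings = {}
    for name, value in collector.fields:
        hits = sorted(k for k, rx in LEAK_PATTERNS.items() if rx.search(value))
        if hits:
            findings[name] = hits
    return findings


# Constructed sample, not real ListManager output.
SAMPLE = """<html><body><h1>Page not found</h1>
<form method="post" action="/report">
<input type="hidden" name="csrf" value="a1b2c3">
<input type="hidden" name="env" value="product version=8.0.1; root=/opt/example/app;
 last_query=SELECT id FROM members_ WHERE list='demo'">
<input type="submit" value="Report this error">
</form></body></html>"""

if __name__ == "__main__":
    for field, kinds in audit_error_page(SAMPLE).items():
        print(f"hidden field {field!r} leaks: {', '.join(kinds)}")
```

Any field the audit reports is data the error handler should log server-side rather than embed in the response.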

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

/read/rss?forum=404

References:

Vendor URL: http://www.lyris.com/products/
Secunia Advisory ID: 17943
Other Advisory URL: http://metasploit.com/research/vulns/lyris_listmanager/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
FrSIRT Advisory: ADV-2005-2820
CVE-2005-4149
CVE-2005-4148
Bugtraq ID: 15789