Eserv.txt

1999-11-05T00:00:00
ID PACKETSTORM:11538
Type packetstorm
Reporter Underground Security Systems Research
Modified 1999-11-05T00:00:00

Description

                                        
                                            `---------- Forwarded message ----------  
Date: Thu, 4 Nov 1999 18:26:52 -0600  
From: owner-news@technotronic.com  
To: owner-news@technotronic.com  
Subject: BOUNCE news@technotronic.com: Approval required:   
  
Eserv 2.50 Web interface Server Directory Traversal Vulnerability  
  
Product:  
  
Eserv/2.50 is the complete solution to access Internet from LAN:  
  
- Mail Server (SMTP and POP3, with ability to share one mailbox  
on the ISP, aliases and mail routing support)  
- News Server (NNTP)  
- Web Server (with CGI, virtual hosts, virtual directory support,  
web-interface for all servers in the package)  
- FTP Server (with virtual directory support)  
- Proxy Servers  
* FTP proxy and HTTP caching proxy  
* FTP gate  
* HTTPS proxy  
* Socks5, Socks4 and 4a proxy  
* TCP and UDP port mapping  
* DNS proxy  
- Finger Server  
- Built-in scheduler and dialer (dial on demand,  
dialer server for extern agents, scheduler for any tasks)  
  
PROBLEM  
  
UssrLabs found a Eserv Web Server Directory Traversal Vulnerability  
Using the string '../' in a URL, an attacker can gain read access to  
any file outside of the intended web-published filesystem directory  
  
There is not much to expand on this one....  
  
Example:  
  
http://127.1:3128/../../../conf/Eserv.ini to show all configuration file  
including  
account names  
  
  
Vendor Status:  
no contacted  
  
Vendor Url: http://www.eserv.ru/  
Program Url: http://www.eserv.ru/eserv/  
  
Credit: USSRLABS  
  
SOLUTION  
  
Nothing yet.  
  
  
`