`Date: Wed, 9 Sep 1998 16:19:28 -0700
From: Jon Beaton <[email protected]>
Subject: bug in iChat 3.0 (maybe others)
Hi,
The iChat (http://www.ichat.com/) ROOMS server runs as 'nobody', and on
port 4080 as default. From what I've noticed, it just uses http, and has
a bug which lets following /../../../ be run on the URL using any web
browser. For example, something like:
http://chat.server.com:4080/../../../etc/passwd
will display the passwd file. With this you can view any file on the
system that 'nobody' has access to. I was only able to test this on
version 3.0 of the software, and running on Solaris. I contacted the
company about this, all they said was that if you're using 3.0, you
should upgrade to 3.03 as soon as possible. I don't even know if this
particular bug is fixed in that version. If you can try this on other
versions and OS's, I'd like to hear about the results.
Thanks,
Jon Beaton
[email protected]
jbx @ Undernet
-------------------------------------------------------------------------
Date: Thu, 10 Sep 1998 09:56:43 +0200
From: Renzo Toma <[email protected]>
Subject: Re: bug in iChat 3.0 (maybe others)
the host:4080/../../../etc/passwd bug has been fixed in 3.03 (checked for
the solaris 2.5 version)
Cheers,
-Renzo
-------------------------------------------------------------------------
Date: Thu, 10 Sep 1998 09:51:42 -0400
From: Steve Kann <[email protected]>
Subject: Re: bug in iChat 3.0 (maybe others)
They (ichat) know about this problem, and have fixed it in versions
greater than 3.00. It's a pretty stupid problem to have in the first
place, though.
What really irked me about this when I found out about it was this:
1) I found out about it as it was being exploited by an I-chat technical
support representative, who was using it to read certain configuration
files on my machine. He wasn't necessarily being malicious, but he
_was_ accessing files on my machine, using a security flaw in their
software, without my consent. Not exactly an experience that gives one
a "warm/fuzzy feeling".
2) They released a version 3.00 for linux, but did not release a fixed
version for linux. So, users running it on linux were forced to either
stop using it altogether, or live with the problem. The third
possibility, running it in a protected chrooted environment, is what I
chose for the period of time that I needed to continue running the
software. I figured that if they had this kind of bug, who knows how
many exploitable buffer overflows there are.
-SteveK
--
Steve Kann - Horizon Live Distance Learning - 841 Broadway, Suite 502
Personal:[email protected] Business:[email protected] (212) 533-1775
I do not want your product or service, and I do not want your money.
Therefore, do not send me any information about it.
`
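The request in the first message succeeds because the server maps the URL path onto the filesystem without collapsing its `..` segments first. The block below is an added example, not code from the thread or from iChat: a lexical containment check that a file-serving handler can apply before opening anything. `DOCROOT` and `resolve_request` are hypothetical names, and the sample requests are constructed.

```python
import posixpath
from urllib.parse import unquote, urlsplit

DOCROOT = "/srv/chat/htdocs"  # hypothetical document root, not from the thread


def resolve_request(url_path, docroot=DOCROOT):
    """Map a request target to a path under docroot, or return None.

    Lexical check only: a real server should also resolve symlinks
    (os.path.realpath) before comparing against the document root.
    """
    # Drop any query string or fragment, then percent-decode once.
    path = unquote(urlsplit(url_path).path)
    # NUL bytes and backslashes have no place in a served path.
    if "\x00" in path or "\\" in path:
        return None
    # Treat the request as relative to docroot, then collapse "." and "..".
    candidate = posixpath.normpath(posixpath.join(docroot, path.lstrip("/")))
    root = posixpath.normpath(docroot)
    # Refuse anything that normalised to a location outside the root.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


# Constructed sample requests; the first has the form shown in the report.
SAMPLES = [
    "/../../../etc/passwd",
    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "/..%2f..%2fetc/passwd",
    "/rooms/../index.html",
    "/rooms/lobby.html?user=a",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} -> {resolve_request(s)}")
```

The check complements, rather than replaces, the chroot confinement described in the last message: the chroot limits what a missed case can reach.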