
Infosec.20000712.worldclient.2.1

13 Jul 2000 | Reported by Christer Staffer | Type: packetstorm | Source: packetstormsecurity.com

WorldClient 2.1 on Windows NT 4.0 is vulnerable to unauthorized file access via root dot dot.

Code
`Infosec Security Vulnerability Report  
No: Infosec.20000712.worldclient.2.1  
  
Vulnerability Summary  
---------------------  
Problem: The web server for remote access to e-mail in WorldClient 2.1 is  
vulnerable to root dot dot (directory traversal). It is possible to read  
and in some cases download any file known by name and location on a  
Windows NT 4.0 host.  
  
  
Threat: An attacker can download a copy of the sam._ file, the repair  
SAM database.  
  
Platform: WorldClient 2.1 on Windows NT 4.0  
  
  
Solution: Currently there is no patch that corrects this problem.  
Mr John Grish, Technical Support Supervisor at Deerfield.com, told me  
that their development team is testing and working on this problem at  
this moment.  
  
Vulnerability Description  
-------------------------  
The web server WDaemon/2.1, which is part of the web-based e-mail solution  
WorldClient 2.1, is vulnerable to root dot dot in some cases. When requesting  
the URL http://email.victim.com/..\..\..\winnt\repair\sam._ from Linux 2.X  
and Netscape 4.08, the sam._ file is downloaded.  
It seems that this vulnerability is not present when requesting the same URL  
from Windows NT 4.0 with Internet Explorer 4.0 and Netscape Communicator 6.0.  
When using these newer browsers the backslash is automatically exchanged for  
a forward slash and I get a message that I am requesting a forbidden page.  
  
Additional Information  
----------------------  
Deerfield Technical Support was notified about this vulnerability  
approximately two weeks ago. For more information about Deerfield and  
WorldClient, see http://worldclient.deerfield.com  
Reported by: Rikard Carlsson, [email protected].  
  
-------------------------------  
Infosec is a Swedish-based tiger team that has been working with information  
security since 1982. Infosec has been doing network penetration tests and  
technical audits of computer systems since 1996. Infosec is now hiring in  
Sweden and the United Kingdom.  
Please contact Christer Stafferöd for more information. Phone: +46-8-6621070  
E-mail: [email protected]  
  
  
  
  
`
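The advisory's observation that the backslash URL is served while the forward-slash form is refused is what a traversal filter that only recognises `/` would produce. The following is an added example, not part of the advisory and not WorldClient's code: it puts such a forward-slash-only check beside a containment check that folds both separators before comparing against the document root. `WEB_ROOT`, `naive_is_safe` and `resolve_under_root` are hypothetical names, and the weak filter is an assumed illustration rather than the product's confirmed logic.

```python
import ntpath
from urllib.parse import unquote

WEB_ROOT = r"C:\webroot"  # hypothetical document root, not a WorldClient path


def naive_is_safe(url_path):
    """Assumed weak filter: only the forward-slash form of '..' is rejected."""
    return "../" not in url_path


def resolve_under_root(url_path, root=WEB_ROOT):
    """Map a request path to a file under root; return None if it escapes."""
    decoded = unquote(url_path)  # handle %2e%2e%5c style encodings first
    if "\x00" in decoded or ":" in decoded:
        return None  # NUL bytes, drive letters, NTFS alternate data streams
    # Windows accepts both separators, so fold them before any comparison.
    rel = decoded.replace("/", "\\").lstrip("\\")
    candidate = ntpath.normpath(ntpath.join(root, rel))  # collapses '..'
    base = ntpath.normcase(ntpath.normpath(root))
    cand = ntpath.normcase(candidate)
    if cand == base or cand.startswith(base + "\\"):
        return candidate
    return None


# Constructed sample requests; the first is the URL path quoted in the advisory.
SAMPLES = [
    "/..\\..\\..\\winnt\\repair\\sam._",
    "/../../../winnt/repair/sam._",
    "/%2e%2e%5c%2e%2e%5cwinnt%5crepair%5csam._",
    "/index.html",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(f"{path!r:50} naive={naive_is_safe(path)!s:5} "
              f"resolved={resolve_under_root(path)}")
```

`ntpath` is used so the Windows path semantics apply regardless of the platform the check is run on.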
