Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:5504
HistoryDec 09, 2003 - 12:00 a.m.

FAT32 directory auth bypass on Linux Abyssws < 1.2

2003-12-0900:00:00
vulners.com
10
JSON

#######################################################################

                         Luigi Auriemma

Application: Abyss webserver
http://www.aprelium.com
Versions: minors than 1.2
Platforms: Linux version only
Bug: Bypassing of password protected folders authorization on
FAT32 filesystems
Risk: medium
(but rarely users use Linux to run a webserver on a FAT32
partition)
Exploitation: remote through browser
Date: 08 Dec 2003
Author: Luigi Auriemma
e-mail: [email protected]
web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction

Abyss webserver is a nice and tiny free closed-source web server
developed for Win32, Linux x86, MacOS and FreeBSD platforms.

#######################################################################

======
2) Bug

The bug is a protection bypassing but it happens only on Linux when the
protected folder is on a FAT32 system. Probably is a bit unusual that
someone uses a webserver for Linux to share a FAT32 directory but Abyss
is very useful for fast configurations and for personal usages so
this is not a rare case (… in fact I have found this bug just because
I was sharing a FAT32 dir…).

Practically if the admin runs Abyss webserver on Linux and has a FAT32
directory protected by password an attacker can bypass the
authorization simply adding a dot or an HTTP encoded dot (%2e) at the
end of the URL.

The developers have reported that also the chars space (' ', %20) and
':' (%3a) cause the same problem (but on my system they cause only a
right 404 error).

#######################################################################

===========
3) The Code

http://linux_server/protected_FAT32_dir.
http://linux_server/protected_FAT32_dir./
http://linux_server/protected_FAT32_dir%2e

#######################################################################

======
4) Fix

Version 1.2 released the 3th Dec 2003

#######################################################################

Luigi Auriemma
http://aluigi.altervista.org

JSON