Bugtraq mailing list archives
Falcon Web Server
From: advisory+falcon () BOS BINDVIEW COM (Advisory)
Date: Tue, 26 Oct 1999 11:43:31 -0400
BindView Security Advisory Falcon Web Server Technical Advisory Issue date: 10/24/99 Contact: Andrew Reiter <areiter () bos bindview com> Topic ----- Falcon Web Server suffers from a path parsing problem, which allows a remote user to escape out of the webroot directory. Also, the web server gives up information about itself when certain filenames are requested. Affected Systems ---------------- Windows 95/98/NT running BlueFace's Falcon Web Server version 1.0.0.1006. Overview -------- The Falcon Web Server (FWS) is a fully functional web server meant for running on desktop computers, handling about 50 to 80 hits per minute. The Falcon Web Server is plagued by a path parsing bug which has affected other web servers in the past, such as old IIS and Apache. This bug allows a remote user to "break out" of the webroot directory, where the web server runs, and browse directories and/or download files from areas outside of the webroot directory. The default settings of the web server allow browsing of directories and reading of files outside the webroot directory. Users can disable this "feature." If it is disabled, one can still read the files, but the complete path must be known to the attacker. FWS also has a bug in handling long file name requests, in which it will give up the location of the webroot directory. This can be used as a information gathering technique for further attacking of the machine. Impact ------ Remote users have the ability to view directory paths, download files (depending on permissions), and may use this to compromise the web server. Appendix A, Software Information -------------------------------- Falcon Web Server FWS version 1.0.0.1008 fixes the vulnerabilities and is available at: http://www.blueface.com/products.html#fws --
Current thread:
- Re: Fix for ssh-1.2.27 symlink/bind problem, (continued)
- Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 27)
- ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability Luciano Martins (Jul 29)
- Vulnerability in CMail SMTP Server Version 2.4: Remotely exploitable buffer Luciano Martins (Jul 29)
- AW: Mac OS 9 Idle Lock Bug Flothow, Sebastian (Oct 29)
- Re: Fix for ssh-1.2.27 symlink/bind problem Casper Dik (Oct 29)
- DoS attack for ircd's by oversized PTR record Goblin (Oct 29)
- Re: Fix for ssh-1.2.27 symlink/bind problem Eivind Eklund (Oct 29)
- URL Live! 1.0 WebServer UNYUN (Oct 28)
- Re: Fix for ssh-1.2.27 symlink/bind problem Markus Friedl (Oct 26)
- Re: Fix for ssh-1.2.27 symlink/bind problem Wietse Venema (Oct 26)
- Falcon Web Server Advisory (Oct 26)