Bugtraq mailing list archives

Re: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole)


From: "Wilson, Brian F" <Brian.Wilson () BNSF COM>
Date: Tue, 8 Aug 2000 11:41:11 -0500

Additional Info...

A simpler traversal option is to click on the "Up to higher level directory"
link when browsing the affected machine. This has worked on all of the
Windows machines that I've visited with BOHTTPD Spy.

I have gotten 'Permission Denied.' messages on some machines that appeared
to be *ix platforms when trying to traverse higher than the 'share point'.

-Brian Wilson

-----Original Message-----
From: TAKAGI, Hiromitsu [mailto:takagi () ETL GO JP]
Sent: Tuesday, August 08, 2000 8:43 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re:
Dangerous Java/Netscape Security Hole)


=====================================================
Brown Orifice HTTPD Directory Traversal Vulnerability
=====================================================

Background
----------
  Brown Orifice HTTPD (BOHTTPD) <http://www.brumleve.com/BrownOrifice/>
  is "a web server and file sharing tool" that runs as a Java Applet in
  Netscape Navigator.(*1)  It was written by Dan Brumleve and was
  announced in BugTraq a few days ago.

Problem Description
-------------------
  Brumleve's demonstration page politely asks users to specify a
  directory on their computer for public access. However, by specifying
  "\.." in HTTP requests to the server, an attacker can navigate the
  server's file system and view/download any files. For example,
      http://your-ip-address:8080/C:/temp/\../
  or
      http://your-ip-address:8080/C:/temp/%5C../ (for Internet Explorer
      as a client)
  will display the contents of the root directory of the C: drive of the
  server's computer.

Affected versions and platforms
-------------------------------
  This bug has been verified to be present in BOHTTPD 0.1 in
  Netscape Navigator 4.72 for Windows.

Workaround
----------
  Do not use BOHTTPD.  :-)


(*1) This is also a security hole per se, as you know.

Regards,
--
Hiromitsu Takagi
Electrotechnical Laboratory
http://www.etl.go.jp/~takagi/
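
Added example, not part of the original posts and not BOHTTPD's code: a Python sketch of a share-point containment check that rejects the "\.." and "%5C.." request forms quoted in the advisory. It assumes the share point is C:\temp (taken from the advisory's example URLs) and uses ntpath to model Windows path resolution on any host; naive_is_allowed and resolve_within_share are hypothetical names, and the naive filter is included only for contrast.

```python
import ntpath                       # Windows path rules on any host OS
from urllib.parse import unquote

SHARE_ROOT = r"C:\temp"             # assumed share point (from the advisory's URLs)


def naive_is_allowed(url_path):
    """Hypothetical weak filter: rejects '..' only as a '/'-delimited segment."""
    return ".." not in url_path.split("/")


def resolve_within_share(url_path, share_root=SHARE_ROOT):
    """Return the normalized Windows path if it stays under share_root, else None."""
    decoded = unquote(url_path)     # one decoding pass: %5C becomes '\'
    if "\x00" in decoded:
        return None
    # normpath treats '/' and '\' alike and collapses '..' segments.
    candidate = ntpath.normpath(decoded.lstrip("/"))
    root = ntpath.normpath(share_root)
    cand_cmp, root_cmp = ntpath.normcase(candidate), ntpath.normcase(root)
    # Compare with a trailing separator so C:\tempfoo does not pass as C:\temp.
    if cand_cmp == root_cmp or cand_cmp.startswith(root_cmp + "\\"):
        return candidate
    return None


# Constructed sample requests; the two traversal forms are the advisory's own.
SAMPLES = [
    "/C:/temp/docs/readme.txt",
    "/C:/temp/\\../",
    "/C:/temp/%5C../",
    "/C:/tempfoo/notes.txt",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p!r:30} naive={naive_is_allowed(p)!s:5} "
              f"resolved={resolve_within_share(p)!r}")
```

The naive filter passes both traversal forms because the backslash keeps ".." from appearing as its own "/"-delimited segment, while the resolved-path comparison rejects them.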

