Mrtg Path Disclosure Vulnerability (Revised)

["Tamer Sahin" <ts () securityoffice net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*/This is Mrtg Web Frontend 14all.cgi bug. You may find the revised
security announcement below/*

Mrtg/RRD 14all.cgi Path Disclosure Vulnerability

Type:
Input Validation Error

Release Date:
February 4, 2002

Product / Vendor:
14all.cgi is a CGI script to create html pages and graphics for Mrtg.

http://people.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg-rrd.html

Summary:
If an attacker submits a web request containing unexpected arguments
for script variables, an error message will be displayed containing
the path to the webroot directory of the server running the Mrtg/RRD
14all.cgi script.

http://host/mrtg.cgi?cfg=blabla

Tested:
Mrtg/RRD 14all.cgi v1.1p15

Vulnerable:
Mrtg/RRD 14all.cgi v1.1p15

And may be other.

Demonstration:
http://barnes.bloomu.edu/cgi-bin/mrtg.cgi?cfg=blabla

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:
Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPGBc+buLpFMrXtywEQJRLACfQ6sMmsTi4fD3PG3p7AFDxmo3XogAnj58
fnyk5QpMwxQQ7WBFTQ/w+fj+
=rxm+
-----END PGP SIGNATURE-----