Bugtraq mailing list archives
Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)
From: "Tamer Sahin" <ts () securityoffice net>
Date: Fri, 11 Jan 2002 16:30:48 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There two ways to solve this problem in Eserv: 1) Add "./" string to the AccessRights in Eserv with zero rights. 2) Install Eserv.exe update, it will block "./" access. ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3119.zip Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA+AwUBPD73F7uLpFMrXtywEQLC0ACfTSznBfaxCPmp74yizQFlyXBgWZoAmJqu KTLbiTNEI8R1kueD661l3Ic= =1Lia -----END PGP SIGNATURE-----
Current thread:
- Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution) Tamer Sahin (Jan 11)