oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fwd: [Full-disclosure] Thttpd 2.25b Directory Traversal Vulnerability

From: Zate <zate75 () gmail com>
Date: Wed, 22 May 2013 08:35:54 -0500
I got the same results.  Locally without http it shows me the local
/etc/passwd and /etc/system, remotely against the reported version I get
file not found with both lynx -dump and GET.

Zate


On Wed, May 22, 2013 at 8:31 AM, Matthias Weckbecker <mweckbecker () suse de>wrote:


On Wednesday 22 May 2013 13:44:09 Oden Eriksson wrote:

onsdagen den 22 maj 2013 13.06.18 skrev  Matthias Weckbecker:

Hi,

has anybody possibly already confirmed this? It might also be worth
to assign a CVE to this if it turns out to be a reproducible issue.


Confirmed here. Needed to use "lynx -dump ...".


That's weird. But you've tried it *with* 'http://&apos;? Otherwise you
don't even generate a HTTP request.

$ lynx -dump "127.0.0.1:/../../../etc/passwd"
vs
$ lynx -dump "http://127.0.0.1/../../../etc/passwd";

I don't think this report is valid.

Matthias

--
Matthias Weckbecker, Senior Security Engineer, SUSE Security Team
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg, Germany
Tel: +49-911-74053-0;  http://suse.com/
SUSE LINUX Products GmbH, GF: Jeff Hawn, HRB 16746 (AG Nuernberg)
Previous By Date Next
Previous By Thread Next

Current thread: