TUCoPS :: Web :: Servers :: viking2.htm

Viking 1.07 Web Server hex-encoded ../ bug
Vulnerability

    Viking

Affected

    Viking 1.04, 1.06, 1.07

Description

    nemesystm of the DHC found following.  Viking is a webserver.   It
    has a simple hex encoded dot dot bug.

    To test this vulnerability, try the following:

        www.server.com/%2e%2e/%2e%2e/scandisk.log

    This works if Viking has been installed in the proposed  directory
    and scandisk.log  exists.   Add %2e%2e/  to adjust  the amount  of
    directories to go  down, change scandisk.log  to reflect the  file
    you want.

    In the SMTP server VRFY and EXPN are enabled by default and one is
    unable to turn these commands off.  They could be used by spammers
    to verify accounts.  This was verified for Viking 1.07

Solution

    It  is  best  to  download  the  latest version at www.robtex.com.
    Other possibility is to add the following line to httpd.cnf

        Wild http:*%2e* x-viking:/na

    We suggest  upgrading, but  if that  is impossible,  the above fix
    will properly prevent this problem to be exploited on a server.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH