|
COMMAND Stronghold httpd leaks info SYSTEMS AFFECTED Stronghold/3.0, all versions up to build 3015 PROBLEM Bernard Margelin in VIGILANTE [http://www.vigilante.com] advisory 2001002 : -- snip-- In Redhat Stronghold from versions 2.3 up to 3.0 a flaw exists that allows a remote attacker to disclose sensitive system files including the httpd.conf file, if a restricted access to the server status report is not enabled when using those features. This may assist an attacker in performing further attacks. By trying the following urls, an attacker can gather sensitive information : http://target/stronghold-info will give information on configuration http://target/stronghold-status will return among other information the list of request made Please note that this attack can be performed after a default installation. The vulnerabiliy seems to affect all previous version of Stonghold. -- snip -- SOLUTION Installing Stronghold/3.0 build 3015 will solve the problem Credit: This vulnerability was discovered by Madalina Andrei and Reda Zitouni, members of our Security Watch Team at Vigilante. We wish to thank Stronghold for their fast answer to fix this problem. Copyright VIGILANTe.com, Inc. 2001-11-23