TUCoPS :: Web :: Apache :: hack4158.htm

STG Security Advisory: Apache for cygwin directory traversal vulnerability
STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability



STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory

traversal vulnerability



Revision 1.0

Date Published: 2004-02-17 (KST)

Last Update: 2004-02-17

Disclosed by SSR Team (advisory@stgsecurity.com) 





Abstract

========

Apache on cygwin environment has a directory traversal vulnerability.



Vulnerability Class

===================

Implementation Error: Input validation flaw



Details

=======

Apache httpd on cygwin environment has a directory traversal vulnerability

similar to a reported bug in

http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00241.html 



Using the following code, a malicious user can retrieve any file.

http://[server]/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini 



Impact

======

File disclosure



Solution

=========

Stipe Tolj, Apache for cygwin maintainer, released a patch file to fix this

vulnerability on Apache 1.3.29 as shown in the following URL.



http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26152 



Apache 2 on the cygwin, however, is still vulnerable and is recommended not

to use it for a production server.



Affected Products

================

Apache 1.3.29 and below

Apache 2.0.48 and below



Vendor Status: FIXED

=======================

2004-01-13 Jeremy Bae found the vulnerabilities.

2004-01-15 Apache project notified.

2004-02-03 Cygwin platform maintainer confirmed.

2004-02-04 A patch file released.

2004-02-17 Official release.



Credits

======

Jeremy Bae at STG Security

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH