TUCoPS :: Web :: Servers :: fschat~1.htm

Freestyle Chat server Directory traversal vulnerability
Vulnerability

    Freestyle Chat server

Affected

    Freestyle Chat server every version prior to 4.1 SR3

Description

    nemesystm of the  DHC found following.   Freestyle Chat server  is
    http chat environment.  It is vulnerable to a variation of the dot
    dot bug.   Freestyle also  suffers from  a device  name denial  of
    service.

    Freestyle Chat server 3.73 was tested and is vulnerable.  The
    creator of Freestyle Chat server has verified that every version
    prior to 4.1 SR3 is vulnerable.

    By requesting

        http://www.server.com/.../.../scandisk.log
        http://www.server.com/..../scandisk.log

    one can  grab any  file they  want.   Naturally variations  on the
    examples above are also possible.

    By requesting

        http://www.server.com/aux

    one can crash the server.  This is not a problem in Windows  2000,
    only in Windows ME/98.

Solution

    4.1  SR3  was  released  because  of this vulnerability.  Download
    Freestyle Chat server 4.1 SR3.  If upgrading is not an option  for
    some reason, a  patch is also  available on the  Faust Informatics
    website.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH