|
Vulnerability WorldClient Affected WorldClient 2.1 Description Following is based on Infosec Security Vulnerability Report. The web server for remote access to e-mail in WorldClient 2.1 is vulnerable for root dot dot. It is possible to read and in some cases download any file known by name and location on a Windows NT 4.0. An attacker can download a copy of the sam._ file, the repair SAM database. The web server WDaemon/2.1, which is a part of the web-based Email solution World Client 2.1 is vulnerable for root dot dot in some cases. When requesting the URL http://email.victim.com/..\..\..\winnt\repair\sam._ from Linux 2.X and Netscape 4.08 the sam._ is downloaded. It seems like this vulnerability is not present when requesting the same URL from Windows NT 4.0 with Internet Explorer 4.0 and Netscape Communicator 6.0. When using these newer browsers the backslash is automatically exchanged for a forward slash and you get a message that you are requesting a forbidden page. Solution Currently there is no patch that corrects this problem. Mr John Grish, Technical Support Supervisor at Deerfield.com said that their development team is testing and working on this problem in this moment.