TUCoPS :: Web :: Servers :: wclient2.htm

WorldClient web server root-dot-dot vulnerability
Vulnerability

    WorldClient

Affected

    WorldClient 2.1

Description

    Following is based on Infosec Security Vulnerability Report.   The
    web  server  for  remote  access  to  e-mail in WorldClient 2.1 is
    vulnerable for root dot dot.   It is possible to read and  in some
    cases download any  file known by  name and location  on a Windows
    NT 4.0.  An  attacker can download a  copy of the sam._  file, the
    repair SAM database.

    The  web  server  WDaemon/2.1,  which  is  a part of the web-based
    Email solution World Client 2.1 is vulnerable for root dot dot  in
    some cases.  When requesting the URL

        http://email.victim.com/..\..\..\winnt\repair\sam._

    from Linux  2.X and  Netscape 4.08  the sam._  is downloaded.   It
    seems like this vulnerability  is not present when  requesting the
    same  URL  from  Windows  NT  4.0  with  Internet Explorer 4.0 and
    Netscape Communicator 6.0.   When using these  newer browsers  the
    backslash is automatically exchanged  for a forward slash  and you
    get a message that you are requesting a forbidden page.

Solution

    Currently there is  no patch that  corrects this problem.  Mr John
    Grish,  Technical  Support  Supervisor  at Deerfield.com said that
    their development team is testing  and working on this problem  in
    this moment.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH