Vulnerability: iChat
Affected: Systems running iChat 3.0 (possibly other versions)
Description: Jon Beaton found the following. The iChat (http://www.ichat.com/) ROOMS server runs as 'nobody' and listens on port 4080 by default. It speaks plain HTTP and does not reject ../ sequences in the request path, so a URL such as http://chat.server.com:4080/../../../etc/passwd, entered in any web browser, returns the passwd file. In this way any file on the system that 'nobody' can read can be retrieved. This was tested against version 3.0 of the software running on Solaris.
Solution: iChat says that anyone running 3.0 should upgrade to 3.03 as soon as possible.
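The following is an added example and is not code from the original report or from iChat. It shows the raw HTTP request a browser sends for the traversal URL above, the path check that would have stopped it (normalise the full path against the document root instead of grepping for "../", so percent-encoded dots and "dir/../../" forms are caught too), and that same check run over a few constructed access-log lines to find past probes. DOC_ROOT, the log format and the sample log lines are assumptions; the advisory names none of them.

```python
"""Added example (not iChat's code): a traversal probe, the path check that
would have stopped it, and the same check used to scan access logs.
DOC_ROOT and the log format below are assumptions."""
import posixpath
import re
from urllib.parse import unquote

# Assumed document root for the ROOMS HTTP server; the advisory does not name it.
DOC_ROOT = "/opt/ichat/rooms/htdocs"


def build_probe(host, port=4080, path="/../../../etc/passwd"):
    """Return the raw HTTP/1.0 request a browser sends for the traversal URL.

    Sending this over a plain TCP connection to port 4080 is all the report
    describes; no authentication or encoding trick is involved.
    """
    return f"GET {path} HTTP/1.0\r\nHost: {host}:{port}\r\n\r\n"


def resolve_safely(url_path, doc_root=DOC_ROOT):
    """Map a request path onto doc_root, or return None if it escapes the root.

    The test is done on the normalised absolute path rather than by rejecting
    the substring "../": %2e%2e and "a/../../" are caught the same way.
    """
    root = posixpath.normpath(doc_root)
    decoded = unquote(url_path.split("?", 1)[0])   # drop query string, decode %XX
    if "\x00" in decoded:                           # a NUL would truncate a C string
        return None
    # Treat the request path as relative to the root, then collapse . and ..
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        return None
    # In a real server, follow with os.path.realpath(full) and repeat this
    # prefix test so a symlink inside the root cannot point back out of it.
    return full


# Constructed sample access-log lines (not real iChat logs), common log format.
SAMPLE_LOG = """\
10.0.0.7 - - [12/Jan/1999:10:01:02 -0500] "GET /rooms/index.html HTTP/1.0" 200 1832
10.0.0.7 - - [12/Jan/1999:10:01:05 -0500] "GET /../../../etc/passwd HTTP/1.0" 200 1044
10.0.0.9 - - [12/Jan/1999:10:02:11 -0500] "GET /%2e%2e/%2e%2e/%2e%2e/etc/shadow HTTP/1.0" 200 512
10.0.0.9 - - [12/Jan/1999:10:02:30 -0500] "GET /img/../index.html HTTP/1.0" 200 1832
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) [^"]*"')


def find_traversal_requests(log_text, doc_root=DOC_ROOT):
    """Return (client, path) for every logged request that escapes doc_root."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m and resolve_safely(m.group(2), doc_root) is None:
            hits.append((m.group(1), m.group(2)))
    return hits


if __name__ == "__main__":
    print(build_probe("chat.server.com"))
    for client, path in find_traversal_requests(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {path}")
```

Note that "/img/../index.html" is accepted: it never leaves the root, so rejecting it would only break legitimate relative links. The log scan flags the percent-encoded probe as well, because the same decode-then-normalise logic is applied to the logged request path.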