The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Redhat Stronghold Secure Server File System Disclosure Vulnerabil ity


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Fri, 23 Nov 2001 18:47:04 +0100
From: Bernard Margelin <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Redhat Stronghold Secure Server File System Disclosure Vulnerabil ity

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Redhat Stronghold Secure Server File System Disclosure Vulnerability
Advisory Code: VIGILANTE-2001002
Release Date: November 23, 2001

Systems affected:
Stronghold/3.0 Apache/1.3.19 RedHat/3014 (Unix) PHP/3.0.18
mod_ssl/2.8.1 OpenSSL/0.9.6 mod_perl/1.25 

Systems not affected:
Stronghold/3.0 build 3015 

The problem:
In Redhat Stronghold from versions 2.3 up to 3.0 a flaw exists that
allows a remote attacker to disclose sensitive system files including
the httpd.conf file, if a restricted access to the server status
report is not enabled when using those features.
This may assist an attacker in performing further attacks.

By trying the following urls, an attacker can gather sensitive
information :
http://target/stronghold-info will give information on configuration
http://target/stronghold-status will return among other information
the list of request made

Please note that this attack can be performed after a default
installation. The vulnerabiliy seems to affect all previous version
of Stonghold.

Vendor status:
Stronghold was contacted October 30, 2001 and answered the same day.
2 days later, they told us that they would release a patch soon. The
patch was finally released November 19, 2001.

Vulnerability Assessment:
A test case to detect this vulnerability was added to SecureScan NX
in the upgrade package of November 23, 2001. You can see the
documentation of this test case 17227 on SecureScan NX web site at
http://securescannx.vigilante.com/tc/17227 

Fix:
Installing Stronghold/3.0 build 3015 will solve the problem. 

CVE:
Common Vulnerabilities and Exposures group ( reachable at
http://cve.mitre.org/ ) was contacted to get a candidat number. 

Credit:
This vulnerability was discovered by Madalina Andrei and Reda
Zitouni, members of our Security Watch Team at Vigilante. We wish to
thank Stronghold for their fast answer to fix this problem. 

Copyright VIGILANTe.com, Inc. 2001-11-23

Disclaimer:
The information within this document may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences
whatsoever arising out of or in connection with the use or spread of
this information. Any use of this information lays within the user's
responsibility.

Feedback 
Please send suggestions, updates, and comments to [email protected] 

VIGILANTe Vulnerability Disclosure Policy:
http://www.vigilante.com/inetsecurity/advisories/vulnerability_disclos
ure_policy.htm

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBO/6LmFc0qcp4Y4PuEQJR6gCgs3CqnGKQq9pEUfIJmEZvz2ERZCEAoOZq
O/B029dfrPDPjR6euRLIU3qh
=2u8C
-----END PGP SIGNATURE-----

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру