---------- Forwarded message ----------
Date: Thu, 4 Nov 1999 18:26:52 -0600
From: owner-news@technotronic.com
To: owner-news@technotronic.com
Subject: BOUNCE news@technotronic.com: Approval required:     

Eserv 2.50 Web interface Server Directory Traversal Vulnerability

Product:

Eserv/2.50 is the complete solution to access Internet from LAN:

- Mail Server (SMTP and POP3, with ability to share one mailbox
  on the ISP, aliases and mail routing support)
- News Server (NNTP)
- Web Server (with CGI, virtual hosts, virtual directory support,
  web-interface for all servers in the package)
- FTP Server (with virtual directory support)
- Proxy Servers
  * FTP proxy and HTTP caching proxy
  * FTP gate
  * HTTPS proxy
  * Socks5, Socks4 and 4a proxy
  * TCP and UDP port mapping
  * DNS proxy
- Finger Server
- Built-in scheduler and dialer (dial on demand,
  dialer server for extern agents, scheduler for any tasks)

PROBLEM

UssrLabs found a Eserv Web Server Directory Traversal Vulnerability
Using the string '../' in a URL, an attacker can gain read access to
any file outside of the intended web-published filesystem directory

There is not much to expand on this one....

Example:

http://127.1:3128/../../../conf/Eserv.ini   to show all configuration file
including
account names


Vendor Status:
no contacted

Vendor   Url: http://www.eserv.ru/
Program Url: http://www.eserv.ru/eserv/

Credit: USSRLABS

SOLUTION

    Nothing yet.