
Windows File Sharing

ClarkConnect XSS vulnerability

Hello,

I have found an XSS vulnerability in the ClarkConnect web interface.
ClarkConnect is an internet server and gateway that provides protocol filtering, bandwidth management, Windows File Sharing / Samba, LDAP Directory Integration and other features...
The vulnerability was found in the latest version of this product (5.0).
ClarkConnect installs a Web server on port 82 to process the PHP scripts it uses for configuration.

Proof of concept:
http://server_address:82/public/proxy.php?url=<script>alert("XSS")</script>


iDefense Security Advisory 06.16.10: Samba 3.3.12 Memory Corruption Vulnerability

Jun 16, 2010

I. BACKGROUND

Samba is an open-source Unix server application used to implement
Windows file sharing and domain controlling functionality. For more
information, please visit: http://www.samba.org

II. DESCRIPTION

Remote exploitation of a buffer overflow vulnerability within Samba

iDefense Security Advisory 08.04.08: Solaris snoop SMB Decoding Multiple Stack Buffer Overflow Vulnerabilities

I. BACKGROUND

The snoop command line utility is installed by default on Solaris. It is
used to capture and display network traffic, similar to the widely used
tcpdump program. Server Message Block (SMB) is a network protocol used
for Microsoft Windows file sharing. More information can be found on the
vendor's website at the following URL.

http://docs.sun.com/app/docs/doc/816-0211/6m6nc677k?a=view

II. DESCRIPTION

iDefense Security Advisory 08.04.08: Solaris snoop SMB Decoding Multiple Format String Vulnerabilities

I. BACKGROUND

The snoop command line utility is installed by default on Solaris. It is
used to capture and display network traffic, similar to the widely used
tcpdump program. Server Message Block (SMB) is a network protocol used
for Microsoft Windows file sharing. More information can be found on the
vendor's website at the following URL.

http://docs.sun.com/app/docs/doc/816-0211/6m6nc677k?a=view

II. DESCRIPTION

[ MDVSA-2009:277 ] samba

 Problem Description:

 Multiple vulnerabilities have been found and corrected in samba:
 
 The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows
 File Sharing is enabled, does not properly handle errors in resolving
 pathnames, which allows remote authenticated users to bypass intended
 sharing restrictions, and read, create, or modify files, in certain
 circumstances involving user accounts that lack home directories
 (CVE-2009-2813).
 

[ MDVSA-2009:320 ] samba

 3.3.6, when dos filemode is enabled, allows remote attackers to modify
 access control lists for files via vectors related to read access to
 uninitialized memory (CVE-2009-1888).
 
 The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows
 File Sharing is enabled, does not properly handle errors in resolving
 pathnames, which allows remote authenticated users to bypass intended
 sharing restrictions, and read, create, or modify files, in certain
 circumstances involving user accounts that lack home directories
 (CVE-2009-2813).
 



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
