
file server

Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities


Advisory-ID: 200801162
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 2.2 to and including 2.3 (Beta Build #174)
Non-Affected Applications: HFS 2.1d and earlier versions
Class: Arbitrary File/Directory Manipulation, Denial of Service

Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability


Advisory-ID: 200801163
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 1.5g to and including 2.3 (Beta Build #174); and possibly HFS version 1.5f
Non-Affected Applications: HFS 1.5e and earlier versions
Class: Log Forging/Injection, Username Spoofing

Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities


Advisory-ID: 200801161
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 2.0 to and including 2.3 (Beta Build #174)
Non-Affected Applications: HFS 1.6a and earlier versions
Class: Cross-Site Scripting (XSS), Information Disclosure

Limited upload directory traversal in HTTP File Server 2.2a / 2.3 beta (build #146)

#######################################################################

                             Luigi Auriemma

Application:  HTTP File Server
              http://www.rejetto.com/hfs/
Versions:     <= 2.2a and <= 2.3 beta (build #146)
Platforms:    Windows
Bug:          limited directory traversal in files uploading
Exploitation: remote

CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities

[5] Jorge Luis Alvarez Medina, Abusing Insecure Feature of Internet
Explorer, Feb. 2010
http://corelabs.coresecurity.com/index.php?module=wiki&action=attachment&type=publication&page=Abusing_insecure_features_of_Internet_Explorer-article.pdf

[6] Jorge Luis Alvarez Medina, Internet Explorer turns your personal
computer into a public File Server, BlackHat Technical Security
conference, Feb. 2010, Washington D.C., USA.
http://corelabs.coresecurity.com/index.php?module=wiki&action=attachment&type=publication&page=Abusing_insecure_features_of_Internet_Explorer-BHDC2010-Slides.pdf

[7] Wikipedia, Trident (layout engine).
http://en.wikipedia.org/wiki/Trident_(layout_engine)

Vulnerabilities in Serv-U 11.1.0.3

1) Introduction
===============


From vendor's homepage:
"Serv-U is a powerful, easy-to-use File Server that allows you to
securely and efficiently share files across the Internet using 5
industry standard transfer protocols and by employing SSL encryption,
powerful management tools, and more."



{PRL} My Remote File Server Privilege Escalation

#####################################################################################

Application:  My Remote File Server
            
Platforms:    Windows XP Professional SP2

Exploitation: Privilege Escalation

Date:         2009-10-26


CA20100304-01: Security Notice for CA SiteMinder

 or

 * For Integrated Document sets, if you have deployed the HTML 
version of documentation to a web server, move the documentation 
to a file server and delete the documentation from the web server.

 * For Online Help systems, remove the help systems from the 
application folders and place them on a file system for future 
reference. Note that this will cause help links to fail in the 
associated applications.

[TZO-17-2009]Trendmicro multiple bypass/evasions

Client-side products
---------------------
These will not be patched; Trend's reason is that
malware will be detected upon extraction. While this is true for end-user
setups, this is not the case if you use such products to scan file servers,
database servers or any server where an end user does not actively extract
content. The detection is still completely bypassed. In other words, you
can no longer assume that RAR, ZIP, CAB (or any other archive) is safe/clean after
a Trendmicro scan with these products.


[ MDVSA-2009:135 ] kernel

 The nfs_permission function in fs/nfs/dir.c in the NFS client
 implementation in the Linux kernel 2.6.29.3 and earlier, when
 atomic_open is available, does not check execute (aka EXEC or
 MAY_EXEC) permission bits, which allows local users to bypass
 permissions and execute files, as demonstrated by files on an NFSv4
 fileserver. (CVE-2009-1630)
 
 Additionally, the kernel package was updated to the Linux upstream
 stable version 2.6.27.24.
 
 To update your kernel, please follow the directions located at:

[SECURITY] [DSA 1458-1] New openafs packages fix denial of service vulnerability

Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-6599
BugTraq ID     : 27132

A race condition in the OpenAFS fileserver allows remote attackers to
cause a denial of service (daemon crash) by simultaneously acquiring and
giving back file callbacks, which causes the handler for the
GiveUpAllCallBacks RPC to perform linked-list operations without the
host_glock lock.


Secunia Research: RhinoSoft Serv-U TEA Decoding Buffer Overflow

Where:  Remote

====================================================================== 
3) Vendor's Description of Software 

"Serv-U FTP Server now offers an all-in-one file server solution
featuring a built in web transfer client, web based administration,
improved interface and more while still offering unparalleled security
and ease-of-use at the best price on the market.".

Product Link:

Hackito Ergo Sum Conference (Paris 8-10 April 2010) : Schedule

17h00-18h00 - Evolution of Microsoft security mitigations - Tim Burrell
(Microsoft)

Friday 2010-04-09:
10h30-11h30 - Internet Explorer turns your personal computer into a
public file server - Jorge Luis Alvarez Medina (Core Security)
11h30-12h30 - Breaking Virtualization by switching to Virtual 8086 mode
- Jonathan Brossard (P1 Security)

14h00-15h00 - Mac OS X Physical Memory Analysis - Matthieu Suiche
(Moonsols, Sandman, win32dd)

[ MDVSA-2009:148 ] kernel

 does not check execute (aka EXEC or MAY_EXEC) permission bits, which
 allows local users to bypass permissions and execute files, as
 demonstrated by files on an NFSv4 fileserver. (CVE-2009-1630)
 
 Integer underflow in the e1000_clean_rx_irq function in
 drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux
 kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel,
 and Intel Wired

[TZO-20-2009] AVG ZIP evasion / bypass

Affected products : 
- AVG Anti-Virus Network Edition (prior to engine build 8.5 323)
- AVG Internet Security Netzwerk Edition (prior to engine build 8.5 323)
- AVG Server Edition für Linux/FreeBSD (prior to engine build 8.5 323)
- AVG eMail Server Edition (prior to engine build 8.5 323)
- AVG File Server Edition (prior to engine build 8.5 323)
- AVG Internet Security SBS Edition (prior to engine build 8.5 323)
- AVG Anti-Virus SBS Edition (prior to engine build 8.5 323)
- AVG Anti-Virus plus Firewall (prior to engine build 8.5 323)
- AVG Anti-Virus (prior to engine build 8.5 323)


[TZO-30-2009] Kaspersky and the silent patch that wasn't (PDF evasion, forced full disclosure)

- Kaspersky® Anti-Virus for Proxy Server
- Kaspersky® Anti-Virus for Check Point Firewall-1 
- Kaspersky® Anti-Virus for Windows Server
- Kaspersky® Anti-Virus for Windows Server Enterprise Edition
- Kaspersky® Anti-Virus for Novell NetWare
- Kaspersky® Anti-Virus for Linux File Server
- Kaspersky® Anti-Virus for Samba Server 
- Kaspersky® Security for Microsoft Exchange 2007
- Kaspersky® Security for Microsoft Exchange 2003
- Kaspersky® Anti-Virus for Lotus Notes/Domino 
- Kaspersky® Anti-Virus for Windows Workstation

Wing FTP Server - Cross Site Scripting Vulnerability

Discovered Date: May 31, 2010
System affected: Wing FTP Server for Windows, Version 3.5.0 and prior versions

Vulnerability Description:
==================
Wing FTP Server is a multi-protocol file server that supports protocols
such as HTTP and FTP. It comes with a Web-based "Administrator" Console.
The XSS vulnerability is found in the "Administrator" Web interface.

In the "Administrator" web interface, script can be injected from the
POST command. This can be exploited by injecting arbitrary HTML and



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
