Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Exploits-HackingTools
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[NT] BitDefender Update Server Unauthorized File Access Vulnerability

from [SecuriTeam] Network Security [Permanent Link]
Subject: [NT] BitDefender Update Server Unauthorized File Access Vulnerability
Date: 25 Jan 2008 19:05:27 +0200 
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -



  BitDefender Update Server Unauthorized File Access Vulnerability
------------------------------------------------------------------------


SUMMARY

"BitDefenderT provides security solutions to satisfy the protection 
requirements of today's computing environment, delivering effective threat 
management for over 41 million home and corporate users in more than 100 
countries. BitDefender, a division of SOFTWIN, is headquartered in 
Bucharest, Romania and has offices in Tettnang, Germany, Barcelona, Spain 
and Fort Lauderdale (FL), USA.

....The Update Server allows you to set up an upgrade location within 
your local network. This way you needn't worry about updating the products 
installed on computers that are not connected to the Internet, achieving, 
at the same time, faster updates and reduced Internet traffic. The 
BitDefender Update Server is easy to configure through an intuitive step 
by step wizard. It will help you get the latest updates for all 
BitDefender products."

The Update Server, which is part of several of BitDefender's Enterprise 
products, is running an Http-Daemon. The http.exe process is running with 
localsystem privileges and is vulnerable to the plain old directory 
traversal vulnerability. Thus it is possible to access files outside of 
the applications root directory with the named privileges.

DETAILS

Vulnerable Systems:
 * BitDefender Security for Fileservers
 * BitDefender Enterprise Manager (BDEM)

Exploit:
To exploit simply do an

    echo -e "GET /../../boot.ini HTTP/1.0\r\n\r\n" | nc <server> <port>


ADDITIONAL INFORMATION

The information has been provided by  <mailto:oliver.karow@gmx.de> Oliver 
Karow.
The original article can be found at:  
<http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/>
 
http://oliver.greyhat.de/2008/01/19/bitdefender-unauthorized-remote-file-access-vulnerability/



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: 
list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: 
list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any 
kind. 
In no event shall we be liable for any damages whatsoever including direct, 
indirect, incidental, consequential, loss of business profits or special 
damages.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [NT] BitDefender Update Server Unauthorized File Access Vulnerability, SecuriTeam <=
Previous by Date:  [NEWS] 8e6 Technologies R3000 Internet Filter Bypass by Request Split, SecuriTeam
Next by Date:  [UNIX] eTicket 'index.php' Cross Site Scripting and Path Disclosure Vulnerabilities, SecuriTeam
Previous by Thread:  [NEWS] 8e6 Technologies R3000 Internet Filter Bypass by Request Split, SecuriTeam
Next by Thread:  [UNIX] eTicket 'index.php' Cross Site Scripting and Path Disclosure Vulnerabilities, SecuriTeam
Indexes:  [Date] [Thread] [Top] [All Lists]