_____________________________________________________________________
Fate Research Laboratories Security Advisory
---------------------------------------------------------------------
Advisory Title: Remote Console Applet Allows Remote File Retrieval
Package: Instant ASP (iASP)
Vendor: Halcyon Software
Vendor Web Site: http://www.stryon.com
Versions: <= (v1.0.9) (Latest: Unknown)
Advisory ID: F820021202:IASP
Issue Date: Tue 3 21:24:12 IST 2002
File(s): Remote Console Applet Running on Port 9095
Local: No
Remote: Yes
Vendor Contacted: Yes (8/12/2002)
Vulnerability Class: Access validation
Researcher: Alan "ph33r" Neville
Fate Web Site: http://www.fatelabs.com
---------------------------------------------------------------------
Copyright (C) 1997-2002 Fate Research Laboratories.
_____________________________________________________________________

---------------------------------------------------------------------
Overview
_____________________________________________________________________

The Remote Console Applet that ships with the Instant ASP software suite contains an access validation error that allows an attacker to retrieve any file on the remote system. This includes sensitive configuration files for Instant ASP as well as any other file on the remote host (SAM, PASSWD, SHADOW, et al.).

---------------------------------------------------------------------
Exploit
_____________________________________________________________________

Simply point a web browser at http://:9095/../../../../../../etc/passwd

---------------------------------------------------------------------
Solution
_____________________________________________________________________

Halcyon Software was contacted regarding this problem on the 8th of December 2002. There is no patch for this problem at present.

_____________________________________________________________________
(c) Copyright 1997-2002 Fate Research Labs. All Copyrights Reserved.
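A defensive illustration of the flaw class described above (added here; it is not code from the advisory, from Instant ASP or from Halcyon Software): a naive root-plus-path join beside a resolver that refuses any path escaping the document root, plus a detector for the advisory's request pattern in access logs. DOC_ROOT and the log lines are constructed values.

```python
"""Path-traversal check for a file-serving handler.

Added example, not Instant ASP or Halcyon Software code.  It models the
class of flaw the advisory describes: a handler that maps the request
path onto a document root without checking that the resolved path stays
inside that root.  The root directory and log lines are constructed.
"""
import posixpath
from typing import List, Optional
from urllib.parse import unquote

DOC_ROOT = "/opt/iasp/console"  # hypothetical applet document root


def naive_resolve(root: str, request_path: str) -> str:
    """Vulnerable form: root and request path are simply concatenated, so
    '..' segments walk above the root (the behaviour the advisory exploits)."""
    return posixpath.normpath(root + "/" + unquote(request_path))


def safe_resolve(root: str, request_path: str) -> Optional[str]:
    """Hardened form: decode, normalise, then require the result to remain
    under the root.  Returns None for any path that would escape it."""
    decoded = unquote(request_path)
    # NUL bytes and backslashes are common normalisation tricks; refuse them.
    if "\x00" in decoded or "\\" in decoded:
        return None
    root_norm = posixpath.normpath(root)
    full = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    if full != root_norm and not full.startswith(root_norm + "/"):
        return None
    return full


def is_traversal_attempt(request_path: str) -> bool:
    """Detection helper: True when the (possibly double-encoded) path
    contains a '..' segment, the signature of the advisory's request."""
    decoded = unquote(unquote(request_path))
    return ".." in decoded.replace("\\", "/").split("/")


# Constructed access-log lines in a simple 'client "request" status' format.
SAMPLE_LOG = [
    '10.0.0.5 "GET /console/status HTTP/1.0" 200',
    '10.0.0.9 "GET /../../../../../../etc/passwd HTTP/1.0" 200',
    '10.0.0.9 "GET /..%2f..%2f..%2fetc/shadow HTTP/1.0" 200',
]


def flag_requests(lines: List[str]) -> List[str]:
    """Return the log lines whose request path looks like a traversal."""
    return [ln for ln in lines if is_traversal_attempt(ln.split('"')[1].split()[1])]
```

Any 200 response to a flagged request on the console port is worth treating as a likely file disclosure until the host is checked.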