SNS Advisory No.18
Cybozu Web Server 2 File Disclosure/Denial of Service Vulnerabilities

Problem first discovered: 22 Sep 2000
Published: 25 Sep 2000
Last Updated: 25 Sep 2000
_________________________________________________________________

Overview:

Cybozu Web Server 2, a freely available web server that runs on Windows 95/98/NT/2000, contains the following vulnerabilities.

1. File Disclosure Vulnerability

Problem Description:

By submitting requests to the server that include '/../' sequences to traverse to the desired directory, an attacker can open an arbitrary file on the partition where Cybozu Web Server is installed. If the server is running with administrator privileges, an attacker can disclose any file that can be referenced with a relative path. Successful exploitation of this vulnerability could allow an attacker to download CGI programs that are not supposed to be available for download.

Fig 1: File Disclosure (downloading the boot.ini file from the partition on which the server is installed, by requesting a URL with '../' appended)
_________________________________________________________________

2. Denial of Service Vulnerability

When a long request containing a large number of ".." or "//" sequences is sent, the application consumes all available CPU time and the server stops responding.

Fig 2: Tool
Fig 3: The rate of CPU usage before the attack
Fig 4: The rate of CPU usage after the attack

Affected Version:

Cybozu Web Server 2 (version 2.0(0.4) or earlier)

Status of fix:

The fixed version 2.0(0.5) was released on September 22, 2000.

Vendor Information:

http://cybozu.com/
http://cybozu.co.jp/ (Japanese)

Disclaimer:

All information in these advisories is subject to change without advance notice or mutual consent, and each advisory is released as is. LAC Co., Ltd. is not responsible for any risks arising from the use of this information.
_________________________________________________________________

Copyright(c) 1995-2002 Little eArth Corporation
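
The two issues described in this advisory (file disclosure through '/../' sequences, and CPU exhaustion from long runs of ".." or "//") are both handled by bounding and normalizing the request target before any file is opened. The following is an added example, not code from the advisory or from Cybozu; the document root, the size limits and the function names are assumptions chosen for illustration.

```python
from urllib.parse import unquote

MAX_TARGET_LEN = 1024      # assumed limit on request-target length
MAX_SEGMENTS = 64          # assumed limit on path segments
DOC_ROOT = "C:/wwwroot"    # assumed document root (hypothetical)

class Rejected(Exception):
    """Request refused before any file is opened."""
    def __init__(self, status, reason):
        super().__init__(f"{status} {reason}")
        self.status = status

def resolve(target, doc_root=DOC_ROOT):
    """Map a request target to a path under doc_root, or raise Rejected."""
    # Bound the work first: the length check costs nothing, so an
    # oversized request is refused before any parsing happens.
    if len(target) > MAX_TARGET_LEN:
        raise Rejected(414, "request target too long")
    path = unquote(target.split("?", 1)[0])    # decode exactly once
    if "\x00" in path or ":" in path:          # NUL, drive letters, streams
        raise Rejected(400, "illegal character")
    # On Windows '\' is a separator too, so treat both alike.
    segments = path.replace("\\", "/").split("/")
    if len(segments) > MAX_SEGMENTS:
        raise Rejected(400, "too many path segments")
    stack = []
    for seg in segments:                       # single linear pass
        if seg in ("", "."):
            continue                           # collapses '//' and '/./'
        if seg == "..":
            if not stack:
                raise Rejected(403, "path escapes document root")
            stack.pop()
            continue
        # Windows drops trailing dots and spaces from names, so such a
        # segment could name a different file than the one checked here.
        if seg != seg.rstrip(". "):
            raise Rejected(400, "segment ends with dot or space")
        stack.append(seg)
    return "/".join([doc_root.rstrip("/")] + stack)
```

The function only computes the path; a server would still open the file with the least privilege it can, since the advisory notes that running with administrator privileges widens what a traversal can reach.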