Title: Ultraseek Server 3.0 Vulnerability
Released by: CHINANSL
Date: 6th December 2000
CHINANSL Security Advisory (CSA-200012)
Topic: Ultraseek Server 3.0 Vulnerability
Release Date: Dec 6, 2000
Affected system:
============
Ultraseek Server 3.0
    - SunOS
Impact:
======
The CHINANSL security team has found a security problem in Ultraseek Server
3.0. By exploiting this vulnerability, a malicious user may be able to get
the absolute path and source code of Ultraseek Server addons.
Description:
=========
Ultraseek Server includes an interpreter that interprets script files and
executes the corresponding functions. However, Ultraseek Server has a bug in
its handling of script files that can be exploited.
Exploit:
=====
(1) Run arbitrary command:
http://target:8765/null.html
Ultraseek Server will return the path where Ultraseek Server is installed
and other information.
(2) The same bug can also be used to get the content of source code files:
http://target:8765/index.html/
Ultraseek Server will return the content of index.html and other source
code used by Ultraseek Server.
Sample:
=======
http://www.sun.com.cn:8765/index.html/
Solution:
=======
None
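With no fix listed, one way to spot case (2) on your own server is to search its access logs for requests where a file name is followed by a trailing slash. The script below is an added example, not part of the CHINANSL advisory; it assumes Common Log Format, and the sample log lines and file names are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Request and status fields of a Common Log Format line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Last path segment looks like a file (name.ext) but is followed by "/".
# Dotted directory names such as /v1.2/ also match, so treat hits as leads.
FILE_THEN_SLASH_RE = re.compile(r"/[^/]+\.[A-Za-z0-9]{1,8}/+$")


def is_file_with_trailing_slash(target):
    """True when the request path has the '<file>.<ext>/' shape of case (2)."""
    path = unquote(urlsplit(target).path)  # drop the query, decode %2F
    return bool(FILE_THEN_SLASH_RE.search(path))


def suspicious_requests(log_lines):
    """Return (line_number, target, status) for every matching request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and is_file_with_trailing_slash(match.group("target")):
            hits.append((number, match.group("target"), int(match.group("status"))))
    return hits


# Constructed sample log lines (documentation addresses, hypothetical file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Dec/2000:10:00:01 +0800] "GET /index.html HTTP/1.0" 200 5120',
    '192.0.2.44 - - [06/Dec/2000:10:00:07 +0800] "GET /index.html/ HTTP/1.0" 200 18734',
    '192.0.2.44 - - [06/Dec/2000:10:00:09 +0800] "GET /search.html%2F?qt=test HTTP/1.0" 200 9911',
    '192.0.2.10 - - [06/Dec/2000:10:00:15 +0800] "GET /help/ HTTP/1.0" 200 2048',
    '192.0.2.44 - - [06/Dec/2000:10:00:20 +0800] "GET /null.html HTTP/1.0" 404 733',
]

if __name__ == "__main__":
    for number, target, status in suspicious_requests(SAMPLE_LOG):
        # A 200 status means the server answered the malformed path with content.
        print(f"line {number}: {target} -> HTTP {status}")
```

The same pattern can be used as a deny rule on a reverse proxy placed in front of port 8765.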
DISCLAIMER:
========
THE INFORMATION PROVIDED IS RELEASED BY CHINANSL "AS IS" WITHOUT WARRANTY
OF ANY KIND. CHINANSL DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED,
EXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL CHINANSL BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
CHINANSL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. DISTRIBUTION
OR REPRODUCTION OF THE INFORMATION IS PERMITTED PROVIDED THAT THE ADVISORY
IS NOT MODIFIED IN ANY WAY.
Copyright 1999-2000 CHINANSL. All Rights Reserved.
CHINANSL Security Team (http://www.chinansl.com)