The Google Search Appliance contains a flaw that allows a remote attacker to verify the existance of a file. The issue is due to the proxystylesheet parameter in the search request, which doesn't check for a directory traversal in the file name. This allows an attacker to prepend a ../ sequence to an absolute file path and verify its existance based on the error message returned.

Upgrade to the version specified by Google advisory GA-2005-08-m, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015246
• Bugtraq ID: 15509
• Secunia Advisory ID: 17644
• CVE ID: 2005-3755 (see also: NVD)
• Metasploit ID: 20977
• Related OSVDB ID: 20978 20979 20980 20981
• VUPEN Advisory: ADV-2005-2500
• Other Advisory URL: http://metasploit.com/research/vulns/google_proxystylesheet/
• News Article: http://news.techwhack.com/2526/221129-google-fixes-security-flaws-in-google-mini/
  http://www.eweek.com/article2/0,1895,1891796,00.asp
  http://www.techworld.com/networking/news/index.cfm?NewsID=4840
  http://www.webpronews.com/insiderreports/searchinsider/wpn-49-20051122GoogleMiniNeededBigSecurityPatch.html

• H D Moore - hdmmetasploit.com - DigitalOffense