Info

Disclosure

Feb 08, 2010

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Feb 05, 2010

Description

Gefest Web Home Server contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., \../\../) supplied via the URL address. This directory traversal attack would allow the attacker to access arbitrary files on the web server.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Gefest

Web Home Server

1.0

References

Secunia Advisory ID: 38477
Vendor Specific Solution URL: http://clearweb.org.ua/download_now.htm
Vendor Specific News/Changelog Entry: http://freshmeat.net/projects/gefest-web-home-server/releases/311970
Vendor URL: http://gzmweb.com/
Other Advisory URL: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-010-gefest-web-homeserver-directory-traversal/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/62212