-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Redhat Stronghold Secure Server File System Disclosure Vulnerability Advisory Code: VIGILANTE-2001002 Release Date: November 23, 2001 Systems affected: Stronghold/3.0 Apache/1.3.19 RedHat/3014 (Unix) PHP/3.0.18 mod_ssl/2.8.1 OpenSSL/0.9.6 mod_perl/1.25 Systems not affected: Stronghold/3.0 build 3015 The problem: In Redhat Stronghold from versions 2.3 up to 3.0 a flaw exists that allows a remote attacker to disclose sensitive system files including the httpd.conf file, if a restricted access to the server status report is not enabled when using those features. This may assist an attacker in performing further attacks. By trying the following urls, an attacker can gather sensitive information : http://target/stronghold-info will give information on configuration http://target/stronghold-status will return among other information the list of request made Please note that this attack can be performed after a default installation. The vulnerabiliy seems to affect all previous version of Stonghold. Vendor status: Stronghold was contacted October 30, 2001 and answered the same day. 2 days later, they told us that they would release a patch soon. The patch was finally released November 19, 2001. Vulnerability Assessment: A test case to detect this vulnerability was added to SecureScan NX in the upgrade package of November 23, 2001. You can see the documentation of this test case 17227 on SecureScan NX web site at http://securescannx.vigilante.com/tc/17227 Fix: Installing Stronghold/3.0 build 3015 will solve the problem. CVE: Common Vulnerabilities and Exposures group ( reachable at http://cve.mitre.org/ ) was contacted to get a candidat number. Credit: This vulnerability was discovered by Madalina Andrei and Reda Zitouni, members of our Security Watch Team at Vigilante. We wish to thank Stronghold for their fast answer to fix this problem. Copyright VIGILANTe.com, Inc. 2001-11-23 Disclaimer: The information within this document may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any consequences whatsoever arising out of or in connection with the use or spread of this information. Any use of this information lays within the user's responsibility. Feedback Please send suggestions, updates, and comments to isis@vigilante.com VIGILANTe Vulnerability Disclosure Policy: http://www.vigilante.com/inetsecurity/advisories/vulnerability_disclos ure_policy.htm -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.1 iQA/AwUBO/6LmFc0qcp4Y4PuEQJR6gCgs3CqnGKQq9pEUfIJmEZvz2ERZCEAoOZq O/B029dfrPDPjR6euRLIU3qh =2u8C -----END PGP SIGNATURE-----
