-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability Type: File Disclosure Release Date: January 10, 2002 Product / Vendor: Eserv Mail, News, Web, FTP and Proxy Servers for Win95/98/NT/2000 http://www.eserv.ru Summary: The vulnerability allows you to view any password protected files and folders on the webserver. http://host/./passwordprotected/ Example: All services control panel. http://host/./admin/ Tested: Windows 2000 / Eserv 2.97 Vulnerable: Eserv 2.97 (And may be other.) Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author: Tamer Sahin ts@securityoffice.net http://www.securityoffice.net Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPDzSLbuLpFMrXtywEQJI+gCg1oKSgv5sB0sbDpLQ7vOgLt3uXacAoPZG 2z9kL3NZbT5BAErnopuXiBm1 =zRLx -----END PGP SIGNATURE-----
