[LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

[LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware
by Efrain 'ET' Torres, Colombia 2002.
   et@cyberspace.org


+Disclaimer: blah.


+Product: -SunONE Starter Kit v2.0   (Sun Microsystems)
	   CD-ROM Version
          -ASTAware SearchDisk 2002. (ASTAWARE Technologies Inc.)

+Introduction	

You are one of many, many people who have received the lastest 
Sun Microsystems SunONE Starter Kit. To Use it EASILY you need to
install a search engine:

"The Sun ONE Starter Kit (CDROM version) content spans several CDs and
browsed using a web browser and a search engine that is lauched prior
to using the CDs. The search engine allows the user to search through
html documents located on all the CDs. It functions like a normal web
search engine. The only difference is that it is used to search CDROMs.
The search engine also aids in multi-CD navigation by prompting users to
insert the correct CD when a link being followed points to another CD."

   "Without the search engine running, users won't be able to do searches
as well as follow links that point to another CD."
                              Taken from the Readme (CD1)
 

+The Search Engine

The Search engine is the ASTAware SearchDisk engine, made by ASTAware 
Technologies inc. (astaware.com). It appears that this engine is a 
modified version made for the SunONE Starter Kit.

+The Problem

When you install the search engine it asks whats the CD path (or in the 
Win version the CD Drive) and a temporal dir path. When you run the 
SearchDisk program, you just travel the Kit with your browser with a 
URL like this: 

   http://localhost:6017/only_files_included_in_the_CD_path.

The Serach engine server not only open tcp port 6017 it open ports:

Server.cfg
"Port - http service; used for Desktop Edition"  

-6015 (LISTENING) 
-6016 (LISTENING) 
-6017 (LISTENING)
-6018 (LISTENING) 

Well, The SunONE Starter Kit says:  

"You Hold the keys to begin unlocking the power of Sun(tm) ONE."
The problem is that not only you are going to unlock the power of SunONE
you and EVERYBODY can unlock your entire Hard Drive!!!. Is just a simple
Dir Transversal bug, Just:

+Exploit

http://IP_OF_SOMEONE_USING_THE_SunONE_KIT:6015/../../../../../
Access to the drive where the Astaware searchDisk is installed.

http://IP_OF_SOMEONE_USING_THE_SunONE_KIT:6016/../../../../../
Access to the drive where the temp dir is.
(C:\ ?)

The bug is so ________ (put any word here) that is difficult to
think that Sun Microsystems has shipped everywere this kit with
a buggy search engine. 

Now you dont need a trojan to access the HD
of everybody just give them a SunONE starter kit. 
"Get Knowledge"!!!!!

And its so easy to spot this bug.

+THE Fix!

Dont use your modem  or Unplug your network interface when you are 
using the Search engine in the SunONE kit...  

+Comments

....no words.


+Other stuff.

http://SearchDisk:6017/etc/Password
http://SearchDisk:6017/etc/Root
...

+ThE END

Efrain 'ET' Torres
[LoWNOISE] Colombia 2002
et@cyberspace.org
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux