F-Secure Policy Manager - Management Agent - physical path disclosure vulnerability ===================================================================================== Version: ======== FSMSH Version 5.11.2810 - on Win32 (not tested on other platforms) Vuln: ===== A webserver is running on Port 80/tcp. Connecting to the port via a webbrowser offers the following link, available without authentication: /fsms/fsmsh.dll?FSMSCommand=GetVersion Following this link will give the Version Number of the application: 5.11.2810 However.... modifiying the link as follows: /fsms/fsmsh.dll? will give the following result, containing the physical path of the f-secure installation: FSMSH Version 5.11.2810 Started at: 04/12/07 20:18:48 Processed requests: 8780 Commdir path: C:\Programme\F-Secure\Management Server 5\CommDir COMMDIR: C:\Programme\F-Secure\Management Server 5\CommDir found C:\Programme\F-Secure\Management Server 5\CommDir\commdir.cfg found Repository API initialized - status: OK Vendor: ======= www.f-secure.com Informed by mail on 07.Dec.2004; Response at 08.Dec.; Will be fixed anytime. Discovered by: ============== oliver karow This document: http://www.oliverkarow.de/research/f-secure.txt
