Sun Solaris Management Console dot do" directory traversal

smc-dotdot-directory-traversal (16146) The risk level is classified as MediumMedium Risk

Description:

The Solaris Management Console (smc(1M)) Server running on Sun Solaris versions 8 and 9 could allow a remote attacker to traverse directories on the system, caused by a vulnerability in the serveDir and the serveFile functions. A remote attacker could send a specially-crafted HTTP request containing "dot dot" sequences (../) to traverse directories and view arbitrary files outside of the Web root directory.


Consequences:

Obtain Information

Remedy:

Apply the appropriate patch for your system, as listed below. Refer to Sun Alert ID: 57559 for more information. See References.

SPARC Platform:
Solaris 8 with patch 111313-02 or later
Solaris 9 with patch 116807-01 or later

x86 Platform:
Solaris 8 with patch 111314-02 or later
Solaris 9 with patch 116808-01 or later

References:

  • Spoofed.org Advisory Mon Sep 22 01:14:38 2003: Information disclosure with SMC webserver on Solaris 9.
  • Sun Alert ID: 57559: The Solaris Management Console (smc(1M)) Server May Disclose Information About Files on a Solaris System.
  • BID-10349: Sun Solaris Management Console Information Disclosure Vulnerability
  • BID-8873: Sun Management Center Error Message Information Disclosure Vulnerability
  • CVE-2004-1354: The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inacessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
  • OSVDB ID: 6119: Solaris SMC Web Server File Enumeration
  • SA11616: Sun Solaris SMC Web Server File Enumeration Security Issue

Platforms Affected:

  • Sun Solaris 8
  • Sun Solaris 9
  • Sun Solaris Management Console Server

Reported:

May 13, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page