MyDMS dot dot file download
| mydms-dotdot-file-download (17058) |  Medium Risk |
Description:
MyDMS could allow a remote authenticated attacker to download arbitrary files. By sending a specially-crafted URL request for a file containing "dot dot" sequences (../) to traverse directories and download arbitrary files outside of the root directory and obtain sensitive information, including user's passwords.
Consequences:
Obtain Information
Remedy:
Upgrade to the latest version of MyDMS (1.4.3 or later) available from the MyDMS Web site. See References.
References:
- BugTraq Mailing List, Fri Aug 20 2004 - 17:50:36 CDT: Multiple vulnerabilities in MyDMS.
- BugTraq Mailing List, Sun Aug 22 2004 - 12:56:32 CDT: Bugs fixed in Version 1.4.3.
- MyDMS Web site: MyDMS.
- BID-10996: MyDMS SQL Injection Vulnerability And Directory Traversal Vulnerability
- CVE-2004-1733: Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.
- SA12340: MyDMS SQL Injection and Directory Traversal Vulnerabilities
Platforms Affected:
- Open Source MyDMS
Reported:
Aug 20, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net