USSR Advisory #17 - Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability. UssrLabs found a Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability Using the string '../' in a URL, an attacker can gain read access to any file outside of the intended web-published filesystem directory.
<html>
<head>
<title>u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000" link="#486090" vlink="#485888" alink="#405888">
<table border="0" width="96%" cellspacing="20" cellpadding="20" height="610">
<tr>
<td height="712">
<center>
<table border="0" cellspacing="2" cellpadding="2" width="100%">
<tr>
<td colspan="2" align="LEFT" valign="MIDDLE" bgcolor="#309880"><font face="Verdana" size="-1" color="#FFFFFF">
<font size="+1"><a name="org"></a>Symantec Mail-Gear 1.0 Web interface
Server Directory Traversal Vulnerability</font></font></td>
</tr>
<tr>
<td width="29%" align="LEFT" valign="TOP"> </td>
<td width="71%" align="LEFT" valign="TOP"> </td>
</tr>
<tr>
<th width="29%" align="LEFT" valign="TOP" height="39">
<p><font face="Verdana" size="-1"> Symantec Mail-Gear 1.0 Web interface</font></p>
</th>
<td width="71%" align="LEFT" valign="TOP" height="39"><font face="Verdana" size="-1">
</font><font face="Verdana" size="-1"> Mail-Gear 1.0</font></td>
</tr>
<tr>
<th width="29%" align="LEFT" valign="TOP" height="661">
<p> </p>
</th>
<td width="71%" align="LEFT" valign="TOP" height="661">
<p><b>PROBLEM</b></p>
<p> UssrLabs found a Symantec Mail-Gear 1.0 Web interface Server
Directory Traversal Vulnerability. </p>
<p>Using the string '../' in a URL, an attacker can gain read access
to any file outside of the intended web-published filesystem directory.
</p>
<p>There is not much to expand on this one.... </p>
<p><b>Example: </b></p>
<p>http://ServerIp:8003/Display?what=../../../../../autoexec.bat
to show autoexec.bat </p>
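<p>The containment check a defender would want on a parameter like <code>what=</code>, as an added example for this advisory (not Mail-Gear's code; the web root, function name and sample inputs are assumptions):</p>

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Hypothetical web-published directory; not a real Mail-Gear path.
WEB_ROOT = "/srv/mailgear/www"


def resolve_published_path(web_root: str, what: str) -> Optional[str]:
    """Map a user-supplied 'what' value onto the filesystem.

    Returns the absolute path if it stays inside web_root, or None when
    the request would escape it (the '../' case from the advisory).
    """
    # Undo percent-encoding, including double encoding (%252e -> %2e -> .),
    # so the traversal check sees the same bytes the filesystem would.
    decoded = what
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    # The affected product served autoexec.bat, i.e. it ran on Windows,
    # where backslash is also a separator; fold it before normalising.
    decoded = decoded.replace("\\", "/")
    # A NUL byte can truncate the path in C-based servers; refuse it.
    if "\0" in decoded:
        return None
    # Join under the root and collapse '.' / '..' segments. An absolute
    # 'what' replaces the root in join(), which the containment test rejects.
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # Containment: result must be the root itself or a descendant of it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed requests: one legitimate, the rest traversal variants.
    for value in ("docs/index.html", "../../../../../autoexec.bat",
                  "..%2F..%2Fautoexec.bat", "..\\..\\autoexec.bat"):
        print(repr(value), "->", resolve_published_path(WEB_ROOT, value))
```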
<p><b>Vendor Status:</b></p>
<p> Contacted </p>
<p>Vendor Url: http://www.symantec.com/urlabs/public/index.html
</p>
<p><b>Program Url: </b>http://www.symantec.com/urlabs/public/download/download.html</p>
<p> Credit: USSRLABS </p>
<p><b>SOLUTION:</b></p>
<p> Upgrade to Symantec Mail-Gear 1.1 </p>
<p>u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h </p>
<p align="left"> </p>
</td>
</tr>
</table>
<p> </p>
</center>
</td>
</tr>
</table>
</body>
</html>