what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Jan 24, 2008
Authored by Felipe Daragon, Alec Storm | Site syhunt.com

HFS versions 2.2 through 2.3 suffer from arbitrary file manipulation and denial of service vulnerabilities.

tags | advisory, denial of service, arbitrary, vulnerability
advisories | CVE-2008-0405, CVE-2008-0406
SHA-256 | b808645f02dd720f4b5dc129b8f8e58df6ca146c7b5158604938c0d0f8bbd55e


Change Mirror Download
Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory
Manipulation and Denial-of-Service Vulnerabilities

Advisory-ID: 200801162
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 2.2 to and including 2.3(Beta Build
Non-Affected Applications: HFS 2.1d and earlier versions
Class: Arbitrary File/Directory Manipulation, Denial of Service
Status: Patch available/Vendor informed
Vendor: Massimo Melina
Vendor URL: http://www.rejetto.com/hfs -or- hfs.sourceforge.net

The Common Vulnerabilities and Exposures (CVE) project has
assigned the following CVEs to these vulnerabilities:
* CVE-2008-0405 - Arbitrary File/Folder Creation Vulnerability
* CVE-2008-0406 - Denial of Service (DoS) Vulnerability


HFS is a very popular open source HTTP server designed for
easily sharing files. According to information on the official
website, the HTTP File Server software has been downloaded about
2 million times.

HFS (versions 2.2 to 2.3 beta) will not check if an account name
provided during navigation exists or contains any invalid chars
before logging information about a request. This is specially
dangerous if the server has been configured to use account names
as log filenames.

In this case, a remote attacker can use this flaw to create
arbitrary files, append data to arbitrary files, create
arbitrary folders or launch a DoS attack against the server.
Technical details are included below.


Details (Replicating the issues):
1) Arbitrary File/Directory Manipulation Vulnerability
See the "mkd" and "manipf" commands

Example 1 - Arbitrary Directory Creation:
If HFS is running (for e.g.) in the C:\HFS directory, you can
create the C:\Syhunt\ directory by entering:
mkd ..\Syhunt

Example 2 - Arbitrary File Creation/Manipulation:
manipf [localfilename] [remotefilename]
manipf inject.html ..\Syhunt\index.html

This example would create the file "C:\Syhunt\index.html" and
append the content of the file "inject.html" to it.

2) Denial of Service (DoS) Vulnerability
"checkdos" command

* HFS will close immediately after receiving the DoS request

* This issue is related to Windows limitations with long
filenames. XP has a limit of 255 characters; Windows Vista a 260
chars limit.


Vulnerability Status:
The vendor was contacted and has immediately released HFS 2.2c
which fixes these problems. The new version can be downloaded at
www.rejetto.com/hfs/download or via the "Check for news/updates"
option in the HFS menu.

As a workaround for the affected releases, users can temporarily
disable the logging feature or remove the %user% symbol from the
log filename.

Testers of HFS 2.3 Beta should upgrade to the latest 2.3 beta

HFS 2.3 Beta specifically is only affected if the option
"Accept any login for unprotected resources" is enabled. This
option, introduced in this version, is disabled by default.


Felipe Aragon and Alec Storm
Syhunt Security Research Team, www.syhunt.com


Copyright © 2008 Syhunt Security

The information in this advisory is provided "as is" without
warranty of any kind. Details provided are strictly for
educational and defensive purposes.

Syhunt is not liable for any damages caused by direct or
indirect use of the information provided by this advisory.
Login or Register to add favorites

File Archive:

May 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    15 Files
  • 2
    May 2nd
    16 Files
  • 3
    May 3rd
    38 Files
  • 4
    May 4th
    15 Files
  • 5
    May 5th
    35 Files
  • 6
    May 6th
    0 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    8 Files
  • 9
    May 9th
    65 Files
  • 10
    May 10th
    19 Files
  • 11
    May 11th
    27 Files
  • 12
    May 12th
    8 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    1 Files
  • 15
    May 15th
    19 Files
  • 16
    May 16th
    66 Files
  • 17
    May 17th
    28 Files
  • 18
    May 18th
    32 Files
  • 19
    May 19th
    13 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    23 Files
  • 23
    May 23rd
    15 Files
  • 24
    May 24th
    49 Files
  • 25
    May 25th
    20 Files
  • 26
    May 26th
    13 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By