TITLE: VistaPortal Standard Edition Arbitrary File and Full Path Disclosure SECUNIA ADVISORY ID: SA18994 VERIFY ADVISORY: http://secunia.com/advisories/18994/ CRITICAL: Moderately critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: >From remote SOFTWARE: VistaPortal Standard Edition 2.x http://secunia.com/product/8261/ DESCRIPTION: P Robinson has reported some vulnerabilities and a weakness in VistaPortal Standard Edition, which can be exploited by malicious people to disclose system and sensitive information. 1) Some unspecified input validation errors can be exploited to disclose the content of arbitrary files via directory directory traversal attacks by requesting specially crafted URLs. 2) An input validation error in the handling of the server field can be exploited to disclose the full path to the installation by supplying a non-existing server. The vulnerabilities and the weakness have been reported in version 2.0 Build 20087 on Solaris 8. Other versions may also be affected. SOLUTION: 1) Apply hotfix IV00038969. 2) Edit the source code to ensure that error messages containing the full path to the installation are not returned to users. PROVIDED AND/OR DISCOVERED BY: P Robinson, IRM Plc ORIGINAL ADVISORY: http://www.irmplc.com/advisory017.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------