On Tue, 6 Feb 2001 [EMAIL PROTECTED] wrote:

> Vulnerability in AOLserver
>
>     Overview
>
> AOLserver v3.2 is a web server available from http://www.aolserver.com.
> A vulnerability exists which allows a remote user to break out of the
> web root using relative paths (i.e. '...').
>
>     Details
>
> AOLServer checks the requested virtual path for any double dots ('..'),
> and returns a 'Not Found' error page if any are present.  However, it
> does not check for triple dots ('...').  Here is an example URL:
>
>         http://localhost:8000/.../[file outside web root]
>
> Note that this vulnerability has only been tested on the latest stable
> release (v3.2) for the Win32 platform.
>
>     Solution
>
> No quick fix is possible.
>
>     Vendor Status
>
> America Online, Inc. was contacted via http://www.aolserver.com/feedback/
> on Tuesday, January 30, 2001.  No reply was received.

Here's a possible "quick fix".  It took me five minutes, but that was just
because I had to download AOLserver for Windoze and install it.  Simply
copy the following Tcl code into a .tcl file in either the server's private
or public Tcl library (c:\program files\aolserver\modules\tcl in the
default Windows installation) and restart AOLserver.


#### cut here ####

    # Run before authorization on every GET, POST and HEAD request.
    ns_register_filter preauth GET  /* windows_triple_dot_check
    ns_register_filter preauth POST /* windows_triple_dot_check
    ns_register_filter preauth HEAD /* windows_triple_dot_check

    # AOLserver already refuses '..' in the URL; the advisory above reports that
    # on Win32 a '...' component escapes the web root as well, so refuse that too.
    proc windows_triple_dot_check {args} {
        if {[string match */...* [ns_conn url]]} {
            ns_returnforbidden
            return filter_return   ;# 403 already sent, stop processing the request
        } else {
            return filter_ok       ;# let the request proceed normally
        }
    }

#### cut here ####

Regards,

Michael A. Cleverly
[EMAIL PROTECTED]