----- Begin Hush Signed Message from [EMAIL PROTECTED] -----
Vulnerability in Viking Web Server
Overview
Viking v1.07 is a 'multi-protocol-internet-server' available from
http://www.robtex.com. A vulnerability exists with the web server
which allows a remote user to break out of the web root using relative
paths (ie: '...').
Details
The following URL can be used to demonstrate the problem:
http://localhost/\...\[file outside of web root]
Solution
The vendor, RobTex, has issued a beta version which fixes the problem.
It is available at: http://www.robtex.com/viking/dl.htm
Vendor Status
RobTex was contacted via <[EMAIL PROTECTED]> on
Saturday, April 21, 2001. A prompt response stating that
the vulnerability was fixed was received the next day.
- Joe Testa
e-mail: [EMAIL PROTECTED]
web page: http://hogs.rit.edu/~joet
AIM: LordSpankatron
----- Begin Hush Signature v1.3 -----
CtPyLI+vRE6ihHYxv91LtfEwdULnuaDkF+LluHYTAA2l5OuOhc+KLgoN9IFdn83haaOF
K7jw1s9J4hXvGlCvHTHe4IA+sdINSjWvpe+WM/Mz9/knxIfSnmgadIcyVLKV4rzL2iYt
sexpMQa1BbRYQVLNSepdISjVIVhn1Q4Aj/DWXwA56qiLX1d3FKHuYlktBuD6j1yvyb/J
77KiL0c7R+uPP3J8VN6tLkHx+hStGTrR2UgDtcDZapDJezXXgdPYVN6u5wI84apCCQcK
Jcbl4CWcr4BElL/T7g+hJj4IuevwKGCU8W+3aVkeFsrf8xnLJYTt23jskWgm/fH2VKTg
UIznG9WMZqczMIR8CFRX0wKwEzZeOJRN4JuiSjRAaKCEu18pxcSNAJ6WISg3Msd0DU4O
ziX0qVvL7DDSOUofcXXtP8kg5wGYb6TyYhaqcnMHbhB8b5M/YZufmVRcVgNVVpRCMjmD
GrDjAVl6GQVhAOuTSchKj9V8BEiBpikvydMXcFTA5m++
----- End Hush Signature v1.3 -----
This message has been signed with a Hush Digital Signature.
To verify the signature, please go to www.hush.com/tools
Free, encrypted, secure Web-based email at www.hushmail.com
