Keene Digital Media Server prior 1.0.2 Directory Traversal 1.2
 
Plugin ID182
Plugin nameKeene Digital Media Server prior 1.0.2 Directory Traversal
Plugin filenameKeene Digital Media Server prior 1.0.2 Directory Traversal.plugin
Plugin filesize3331 bytes
Plugin familyHTTP
Plugin created nameNico 'Triplex' Spicher
Plugin created emailTriplex at IT-Helpnet dot de
Plugin created webhttp://triplex.it-helpnet.de
Plugin created companyhttp://www.it-helpnet.de
Plugin created date2004/09/07
Plugin updated nameMarc Ruef
Plugin updated emailmarc dot ruef at computec dot ch
Plugin updated webhttp://www.computec.ch
Plugin updated companycomputec.ch
Plugin updated date2004/11/13
Plugin version1.2
Plugin changelogMade some slight modifications in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2
Plugin protocoltcp
Plugin port8080
Plugin procedure exploitopen|send GET /%2E%2E%5Csystem.log HTTP/1.0\n\n|sleep|close|pattern_exists 200
Plugin exploit accuracy95
Plugin commentThis plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de].
Bug published nameJames Bercegay
Bug published webhttp://www.gulftech.org
Bug published companyGulfTech Security Research Team
Bug published date2004/08/25
Bug advisoryhttp://www.gulftech.org/?node=research&article_id=00046-08252004
Bug affectedKeene Digital Media Server 1.0.2
Bug not affectedThe vendor has stated that the vulnerabilities will be fixed in an upcoming version 1.0.4
Bug vulnerability classDirectory Traversal
Bug descriptionThe directory traversal issue is present upon requesting files outside the webroot of the application using hex encoded directory traversal character sequences to create a relative path to the target file.This vulnerability will allow a remote attacker to retrieve potentially sensitive files, possibly aiding them in further system compromise.
Bug solutionUpgrade to Keene Digital Media Server to 1.0.4 or newer. Also limit unwanted connections and communications with firewalling if possible.
Bug fixing timeApprox. 30 minutes
Bug exploit availabilityNo
Bug remoteYes
Bug localYes
Bug severityMedium
Bug popularity2
Bug simplicity7
Bug impact7
Bug risk4
Source Secunia ID12272
Source SecuriTeam URLhttp://www.securiteam.com/windowsntfocus/5IP1200DPW.html
Source tecchannel ID3535
Source LiteratureHacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.