StarOffice StarScheduler Arbitrary File Read Vulnerability

Vulnerability ID: 1105741
Vulnerability type: Input validation
Published: 2000-03-09
Updated: 2005-05-02
CVE ID: CVE-2000-0174
CNNVD-ID: CNNVD-200003-018
Platform: Unix
CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/19797
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200003-018
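|Vulnerability Details
The StarOffice StarScheduler web server contains a vulnerability. A remote attacker can read arbitrary files by means of a .. (dot dot) attack.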
|Vulnerability Exploit (EXP)
source: http://www.securityfocus.com/bid/1040/info

StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request is sent to the webserver for a document, the StarScheduler httpd will follow "../" paths if provided. As a result, an attacker can view any file on the target system (the server runs as root), including files such as /etc/shadow.

http://starscheduler_server:801/../../../../etc/shadow
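
The behaviour described above, next to a document-root confinement check and a log review built on it. This is an added example, not code from StarScheduler or from the advisory; the document root, function names and Common Log Format sample lines are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/scheduler/htdocs"  # hypothetical document root (assumption)

def naive_resolve(url_path, root=DOC_ROOT):
    """Behaviour the advisory describes: "../" segments are followed."""
    return posixpath.normpath(root + "/" + url_path)

def safe_resolve(url_path, root=DOC_ROOT):
    """Return the path under root, or None when the request escapes it."""
    # Decode first so the check sees the same path the file system would.
    decoded = unquote(url_path.split("?", 1)[0])
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Lexical check only; a real server should also resolve symlinks
    # (os.path.realpath) and drop root privileges.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate

def flag_traversal(log_lines, root=DOC_ROOT):
    """Return request paths from access-log lines that resolve outside root."""
    hits = []
    for line in log_lines:
        quoted = line.split('"')
        fields = quoted[1].split() if len(quoted) > 2 else []
        if len(fields) >= 2 and safe_resolve(fields[1], root) is None:
            hits.append(fields[1])
    return hits

# Constructed sample lines in Common Log Format (not from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Mar/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [09/Mar/2000:10:00:05 +0000] "GET /../../../../etc/shadow HTTP/1.0" 200 901',
    '198.51.100.7 - - [09/Mar/2000:10:00:09 +0000] "GET /docs/../index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    print(naive_resolve("/../../../../etc/shadow"))  # /etc/shadow
    print(safe_resolve("/../../../../etc/shadow"))   # None
    print(flag_traversal(SAMPLE_LOG))                # ['/../../../../etc/shadow']
```

A request such as `/docs/../index.html` still resolves inside the root, so the check rejects only paths that leave it rather than every path containing "..".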
|References

Source: BID
Name: 1040
Link: http://www.securityfocus.com/bid/1040
Source: BUGTRAQ
Name: 20000308 [SAFER000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Link: http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html