The OpenNET Project
 


Redhat Stronghold Secure Server File System Disclosure Vulnerability


Date: Fri, 23 Nov 2001 18:47:04 +0100
From: Bernard Margelin <bernard.margelin@vigilante.com>
To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>
Subject: Redhat Stronghold Secure Server File System Disclosure Vulnerability

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Redhat Stronghold Secure Server File System Disclosure Vulnerability
Advisory Code: VIGILANTE-2001002
Release Date: November 23, 2001

Systems affected:
Stronghold/3.0 Apache/1.3.19 RedHat/3014 (Unix) PHP/3.0.18
mod_ssl/2.8.1 OpenSSL/0.9.6 mod_perl/1.25 

Systems not affected:
Stronghold/3.0 build 3015 

The problem:
In Redhat Stronghold versions 2.3 up to 3.0, a flaw allows a remote
attacker to disclose sensitive system files, including the httpd.conf
file, if restricted access to the server status report is not enabled
when those features are in use.
This may assist an attacker in performing further attacks.

By trying the following URLs, an attacker can gather sensitive
information:
http://target/stronghold-info will give information on configuration
http://target/stronghold-status will return, among other information,
the list of requests made

Please note that this attack can be performed after a default
installation. The vulnerability seems to affect all previous versions
of Stronghold.

Vendor status:
Stronghold was contacted October 30, 2001 and answered the same day.
2 days later, they told us that they would release a patch soon. The
patch was finally released November 19, 2001.

Vulnerability Assessment:
A test case to detect this vulnerability was added to SecureScan NX
in the upgrade package of November 23, 2001. You can see the
documentation of this test case 17227 on SecureScan NX web site at
http://securescannx.vigilante.com/tc/17227 

Fix:
Installing Stronghold/3.0 build 3015 will solve the problem. 

CVE:
The Common Vulnerabilities and Exposures group (reachable at
http://cve.mitre.org/) was contacted to get a candidate number.

Credit:
This vulnerability was discovered by Madalina Andrei and Reda
Zitouni, members of our Security Watch Team at Vigilante. We wish to
thank Stronghold for their fast answer to fix this problem. 

Copyright VIGILANTe.com, Inc. 2001-11-23

Disclaimer:
The information within this document may change without notice. Use
of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences
whatsoever arising out of or in connection with the use or spread of
this information. Any use of this information lies within the user's
responsibility.

Feedback 
Please send suggestions, updates, and comments to isis@vigilante.com 

VIGILANTe Vulnerability Disclosure Policy:
http://www.vigilante.com/inetsecurity/advisories/vulnerability_disclosure_policy.htm

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1

iQA/AwUBO/6LmFc0qcp4Y4PuEQJR6gCgs3CqnGKQq9pEUfIJmEZvz2ERZCEAoOZq
O/B029dfrPDPjR6euRLIU3qh
=2u8C
-----END PGP SIGNATURE-----
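
Added example (not part of the original advisory and not Stronghold's or VIGILANTe's code): a configuration audit for the condition described under "The problem", reporting whether the two paths named in the advisory are reachable from an arbitrary host. It assumes the endpoints are declared in <Location> blocks and protected with Apache 1.3 Order/Allow/Deny directives; the sample configuration and its SetHandler values are constructed, and password-based restrictions (Require) are not modelled.

```python
import re

# Paths named in the advisory.
SENSITIVE_PATHS = {"/stronghold-info", "/stronghold-status"}

# Constructed sample httpd.conf fragment (not from the advisory). The SetHandler
# values are stock Apache mod_status/mod_info names, assumed for illustration.
SAMPLE_CONF = """\
<Location /stronghold-status>
    SetHandler server-status
</Location>
<Location /stronghold-info>
    SetHandler server-info
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Location>
"""

OPEN_RE = re.compile(r'^<Location\s+"?([^\s">]+)"?\s*>$', re.I)

def open_to_any_host(directives):
    """Apply Apache 1.3 Order/Allow/Deny rules to a host that matches only 'all'."""
    order, allow, deny = "deny,allow", set(), set()  # deny,allow is the 1.3 default
    for d in directives:
        if d[0] == "order" and len(d) > 1:
            order = "".join(d[1:])
        elif d[0] in ("allow", "deny") and len(d) > 2 and d[1] == "from":
            (allow if d[0] == "allow" else deny).update(d[2:])
    if order == "deny,allow":            # default allow; Allow overrides Deny
        return "all" not in deny or "all" in allow
    return "all" in allow and "all" not in deny   # allow,deny: default deny

def audit_locations(conf_text):
    """Return {path: True if open to any host} for the advisory's paths."""
    results, current, directives = {}, None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN_RE.match(line)
        if m:
            current, directives = m.group(1).rstrip("/"), []
        elif line.lower() == "</location>" and current is not None:
            if current in SENSITIVE_PATHS:
                results[current] = open_to_any_host(directives)
            current = None
        elif current is not None:
            directives.append(line.lower().split())
    return results
```

Calling audit_locations(SAMPLE_CONF) flags /stronghold-status as open and /stronghold-info as restricted; a path missing from the result was not declared in a <Location> block in the text that was scanned.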
