| VID |
22196 |
| Severity |
40 |
| Port |
8000 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The WsMp3 daemon has a directory traversal vulnerability, which allows remote attackers to read and execute arbitrary files within the Web server. WsMp3d is a a mp3 streaming web server. By sending a specially-crafted HTTP GET or POST request containing "dot dot" sequences (../../), remote attackers can read and execute files that reside outside of the Web root with the privileges of the Web server.
For example, by issuing the following request to port 8000:
POST /dir/../../../../../../bin/ps HTTP/1.0(enter)(enter)
The affected Web server will show you the process list of the server.
* Platforms Affected:
WsMp3 daemon (WsMp3d) 0.0.10 and earlier
* References:
http://wizard.underattack.co.kr/~x82/h0me/adv1sor1es/2002-0x82-006-a.wsmp3bug.pdf
http://www.securiteam.com/unixfocus/5TP0P0AA0U.html
http://www.securityfocus.com/archive/1/322111
http://marc.theaimsgroup.com/?l=bugtraq&m=105353168619211&w=2
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0077.html |
| Recommendation |
No remedy available as of June 2014.
Disable this service until upgrade for this flaw will be released. If the upgrade is released, then you can download it from http://wsmp3.sourceforge.net/download.html |
| Related URL |
CVE-2003-0338 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
