header-logo
Suggest Exploit
vendor:
Tarantella Enterprise 3
by:
SecurityFocus
8,8
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: Tarantella Enterprise 3
Affected Version From: 3.0
Affected Version To: 3.0.2
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: o:sco:tarantella_enterprise_3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Linux
2001

Directory Traversal in Tarantella Enterprise 3

ttawebtop.cgi is a CGI script included with the Tarantella, formerly SCO. It is designed as a management tool, designed to allow a user clicking a link to display and resume an application at any time. However, it does not sufficiently validate input, allowing a remote user to traverse the directory structure and view any file that is readable by the webserver process. This can be done by appending "../../../../../../../../../../../../../../../etc/passwd" to the URL.

Mitigation:

Upgrade to Tarantella Enterprise 3.1 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2890/info

Tarantella Enterprise 3 is a tool for centralized management of data and applications. It is operated via a web interface. It will run on a number of Unix and Linux distributions.

ttawebtop.cgi is a CGI script included with the Tarantella, formerly SCO. ttawebtop.cgi is designed as management tool, designed to allow a user clicking a link to display and resume an application at any time.

ttawebtop.cgi does not sufficiently validate input. In not doing so, it's possible for a remote user to traverse the directory structure, and view any file that is readable by the webserver process. 


http://xxx/tarantella/cgi-bin/ttawebtop.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd

Navigation

Suggest Exploit

Services By CQR