SNS Advisory No.39
WinWrapper Professional 2.0 Remote Arbitrary File Disclosure Vulnerability

Problem first discovered: Mon, 16 Jul 2001
Published: Mon, 20 Aug 2001
Japanese Edition: [6]
_________________________________________________________________

Overview:

WinWrapper Professional 2.0 is firewall software that provides a Web-based remote console. This console contains a vulnerability that allows attackers to read arbitrary files.

Problem Description:

WinWrapper Professional 2.0 is firewall software developed by ASCII NT, INC. It is designed to protect Windows NT/2000 systems and additionally provides a Web-based remote administration capability. However, the program used as the remote administration server contains a vulnerability: it is possible to read arbitrary files on the target system in the Local System context.

example:
http://:4096/../../../winnt/repair/sam

note: 4096 is the port number used by default.

Tested Version:
WinWrapper Professional 2.0 Ver.2.0.0

Tested OS:
Windows 2000 Server + SP2 [Japanese]

Patch Information:
A fixed module (Ver.2.0.1) is available at the following URL:
[7] http://www.tsc.ant.co.jp/products/download.htm

Discovered by:
ARAI Yuu (LAC) [8] y.arai@lac.co.jp

Disclaimer:
All information in these advisories is subject to change without advance notice or mutual consensus, and each advisory is released as is. LAC Co., Ltd. is not responsible for any risks or occurrences caused by applying this information.
_________________________________________________________________
Copyright(c) 1995-2002 Little eArth Corporation

References
2. http://www.lac.co.jp/security/index.html
3. http://www.lac.co.jp/security/english/snsadv_e/index.html
4. http://www.lac.co.jp/security/english/snsadv_e/38_e.html
5. http://www.lac.co.jp/security/english/snsadv_e/40_e.html
6. http://www.lac.co.jp/security/intelligence/SNSAdvisory/39.html
7. http://www.tsc.ant.co.jp/products/download.htm
8. mailto:y.arai@lac.co.jp
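The traversal in the advisory is the classic case of a Web server joining an unvalidated URL path onto its document root. As an added example (not code from the advisory or the vendor), the Python below canonicalises a request path and refuses any that escapes a hypothetical document root, then runs the same check over a few constructed access-log lines to flag requests of the kind shown above. The document root, the log format and the log lines are all assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical document root of a Web console; the product's real
# install path is not stated in the advisory.
DOC_ROOT = "/console/htdocs"


def resolve_request_path(doc_root, request_path):
    """Map a URL path onto doc_root, or return None if the canonical
    path escapes the root (directory traversal)."""
    # Percent-decode first so an encoded "%2e%2e/" is seen as "../".
    decoded = unquote(request_path)
    # Treat backslashes as separators too: the target is a Windows host.
    decoded = decoded.replace("\\", "/")
    # Join the raw path onto the root, then collapse "." and ".." so the
    # containment check sees the path the file system would actually open.
    target = posixpath.normpath(posixpath.join(doc_root, decoded.lstrip("/")))
    if target == doc_root or target.startswith(doc_root + "/"):
        return target
    return None


# Constructed sample of console access-log lines (not real product logs).
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Jul/2001:10:01:02 +0900] "GET /index.html HTTP/1.0" 200',
    '10.0.0.9 - - [16/Jul/2001:10:01:07 +0900] "GET /../../../winnt/repair/sam HTTP/1.0" 200',
    '10.0.0.9 - - [16/Jul/2001:10:01:09 +0900] "GET /%2e%2e/%2e%2e/winnt/repair/sam HTTP/1.0" 200',
    '10.0.0.5 - - [16/Jul/2001:10:02:11 +0900] "GET /docs/../index.html HTTP/1.0" 200',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) ')


def find_traversal_requests(log_lines, doc_root=DOC_ROOT):
    """Return the request paths that would have escaped doc_root."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path = match.group(1).split("?", 1)[0]  # drop any query string
        if resolve_request_path(doc_root, path) is None:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for hit in find_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```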