TeamShare TeamTrack目录遍历漏洞

漏洞信息详情

TeamShare TeamTrack目录遍历漏洞

• CNNVD编号：CNNVD-199910-009
• 危害等级： 中危
  
  
• CVE编号：
  CVE-1999-0933
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  1999-10-01
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  teamshare
• 漏洞来源：
  Posted to bugtraq …

TeamTrack web服务器存在漏洞。远程攻击者借助..(点 点）攻击读取任意文件。

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
This issue has been resolved in TeamTrack 4.0, which should be available as of January 2000.
It is possible and recommended by TeamShare to use IIS or FastTrack servers with TeamTrack 3.0 instead of the built-in server. Instructions are provided on the TeamShare website, at:
http://www.teamtrack.com/support/kbase/ReadmeSP4.txt (requires username and password)
The following is quoted verbatim from an email to Security Focus from TeamShare:
“…customers and evaluators of the TeamTrack software can check to ensure that the TeamTrack Web Server is not running by disabling the TeamTrack Web Server service in Windows NT, and uninstalling the software from any Windows 95 or 98 computers not currently evaluating the software. Evaluations on all platforms can be performed using the Microsoft Personal Web Server, freely downloadable and without risk of this type of attack – instructions can be found in all readme files provided with the TeamTrack software.
Please feel free to have customers contact our support department at with any followup.”
@teamshare.com>

来源: BID
名称: 689
链接:http://www.securityfocus.com/bid/689

来源: OSVDB
名称: 1096
链接:http://www.osvdb.org/1096