< back to advisories

Directory Traversal In OCS Inventory NG

OCS Inventory NG - Directory Traversal                              May 30 2009

* Product

  Open Computer and Software (OCS) Inventory NG

* Vulnerable Versions

  OCS Inventory NG 1.02 (Unix)

* Vendor Status

  Vendor has been notified and the vulnerability has been fixed.

* Details

  The Open Computer and Software (OCS) Inventory Next Generation (NG) provides
  relevant inventory information about system configurations and software on 
  the network. The server can be managed using a web interface.
  It is possible for unauthenticated malicious users to extreact arbitrary 
  files from the hosting system.
  The cause of this vulnerability lies in the lack of secure file access and the
  fact that this can be done unauthenticated.
		} elseif (isset($_GET['log'])){
			if (file_exists($_GET['rep'].$_GET['log'])){
				$tab = file($_GET['rep'].$_GET['log']);
				while(list($cle,$val) = each($tab)) {
		 		  $toBeWritten  .= $val."\r\n";

* Impact

  Attackers may be able to read arbitrary files containing sensitive 
  information from the hosting system.

* Exploit

  The vulnerability can be exploited by just using a web browser:


Nico Leidecker - http://www.leidecker.info