||Home : Advisories : HomeSeer Directory Traversal Vulnerability|
||HomeSeer Directory Traversal Vulnerability
||Strumpf Noir Society
||7th December 2000
Strumpf Noir Society Advisories
! Public release !
-= HomeSeer Directory Traversal Vulnerability =-
Release date: Thursday, December 7, 2000
HomeSeer is home automation software for Windows 2000, Windows NT,
Windows 98, and Windows 95 that uses inexpensive X10 technology to
control your lights, appliances, and audio/video equipment. A webserver
is build in, allowing you to even remote control your appliances over
HomeSeer can be found at vendor Keware's website,
Adding the string "../" to an URL allows an attacker to files outside
of the webserver's publishing directory. This allows read access to any
file on the server. Example: http://localhost:80/../../../autoexec.bat
reads the file "autoexec.bat" from the partition's root dir.
Vendor has been notified and has acknowledged this problem. It has been
fixed in the 1.4.29 (beta-)version of the HomeSeer software which is
availble from http://www.keware.com/kewarebeta.htm and will be included
in the future 1.5 release.
This was tested against HomeSeer 1.4. Older versions can be expected to
vulnerable, users are encouraged to upgrade.
SNS Research is rfpolicy (http://www.wiretrip.net/rfp/policy.html)
compliant, all information is provided on AS IS basis.
EOF, but Strumpf Noir Society will return!