Oliver's Blog Yet Another Needless BLOG

19.1.2008

BitDefender – Unauthorized Remote File Access Vulnerability

Filed under: Advisories,linkedin — oliver.karow @ 13:31

Today I published an advisory for the BitDefender Update Server. BitDefender is one of the larger vendors for Antivirus software.

The update servers function is to deliver new Antivirus patterns and engine updates to the software clients. Therefore it is using the http protocol and a http daemon. The daemon does not require authentication and is vulnerable to the oldest vulnerability known for webservers: The directory traversal attack.

This means everyone who is able to connect to the port of the Update Server with his webbrowser, is able to read all files on the server (at least on the same partition/drive), including Windows configuration files, password files etc., etc.

It also seems, that BitDefender does not have a dedicated response team, responsible for vulnerabilities within their own products. The mail I send to them, in order to inform them about their vulnerability was responded by an automated mail, requesting me to register on their website in order to access their support material…… sorry guys, i dont have time for such games…. please learn how other AV- and Softwarevendors are handling this!!!

You can find the original advisory here.

More of my humble advisories can be found on my website….

21 Comments

  1. Toter Link.
    Bitte um Berichtigung, will ihn/es ja lesen. 🙂

    Kommentar by xaitax — 19.1.2008 @ 13:47

  2. Muss das erstmal hochladen… bin nicht so gut am computer, daher dauert das etwas länger.

    Aber die Zusammenfassung ist die: Lade dir irgendeine Enterprise Software von Bitdefender runter, installiere Sie, aktiviere den Update Server und mache dann ein: echo -e „GET /../../boot.ini HTTP/1.0\r\n\r\n“ | nc host port

    PS: Ich versuche mal im laufe des WE das advisory hochzuladen!

    Kommentar by oliver.karow — 19.1.2008 @ 13:53

  3. torrent UMPlayer…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrent UMPlayer — 7.3.2013 @ 14:05

  4. minecraft for free…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by minecraft for free — 9.3.2013 @ 00:23

  5. torrents WebcamMax…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrents WebcamMax — 9.3.2013 @ 09:54

  6. torrents Internet Download Manager…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrents Internet Download Manager — 10.3.2013 @ 08:43

  7. torrent download WinZip…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrent download WinZip — 15.3.2013 @ 04:48

  8. torrent Easeus Partition Master Home Edition…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrent Easeus Partition Master Home Edition — 15.3.2013 @ 07:04

  9. torrent download GOM Media Player…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrent download GOM Media Player — 16.3.2013 @ 01:42

  10. torrents cracked Free CUDA Video Converter…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrents cracked Free CUDA Video Converter — 17.3.2013 @ 03:39

  11. torrent download UMPlayer…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrent download UMPlayer — 17.3.2013 @ 09:01

  12. torrent KMPlayer…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrent KMPlayer — 21.3.2013 @ 08:56

  13. torrents cracked KMPlayer…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrents cracked KMPlayer — 23.3.2013 @ 02:08

  14. torrents Skype…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrents Skype — 24.3.2013 @ 00:55

  15. torrents Advanced SystemCare…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrents Advanced SystemCare — 24.3.2013 @ 04:24

  16. torrents Avast Free Antivirus…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrents Avast Free Antivirus — 24.3.2013 @ 16:23

  17. torrents RealPlayer…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrents RealPlayer — 26.3.2013 @ 06:13

  18. torrent Start Menu 8…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrent Start Menu 8 — 26.3.2013 @ 23:14

  19. torrent Total Video Converter…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by torrent Total Video Converter — 1.4.2013 @ 16:39

  20. lawrence crane enterprises…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by lawrence crane enterprises — 2.4.2013 @ 17:55

  21. video=xmrr8o…

    BitDefender – Unauthorized Remote File Access Vulnerability « Oliver’s Blog…

    Trackback by video=xmrr8o — 5.4.2013 @ 08:01

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress