Date: Thu, 29 Aug 2013 18:35:00 +0000 (GMT) From: "Larry W. Cashdollar" <larry0@...com> To: Open Source Security <oss-security@...ts.openwall.com> Subject: YingZhi Python Programming Language for iOS ftp .. bug & httpd arbitrary upload Hi, I'd like to request a CVE for these vulnerabilities I disclosed back on Sept 27 2012. YingZhi Python Programming Language for iOS Vendor: XiaoWen Huang, YingZhi Python for iOS. Ver 1.9. OSVDB IDs: 96719 & 96720 Product Websites http://sosilen.blog.163.com http://www.iphoneappstorm.com/iphone-apps/utilities/com.yingzhi.python/yingzhipython.php?id=493505744 YingZhi Description: Python Interpreter is a native python development application for the iPad/iPhone. It is available for iOS 4 and above. The product is packaged with its own httpd and ftpd servers. Enabling the local daemons for development by Touching Computer<->This Machine starts up an httpd server and ftpd server, both daemons are bound to device IP not localhost. Vulnerabilities: httpd server allows upload of arbitrary files to root WWW directory. Browsing to http://<target_ip>:8080/ presents an index page in which anyone can upload files to the web servers root directory. ftp server vulnerable to ../ bug The ftp server doesn't sanitize user input and allows remote users to read and possibly write to the devices storage. ftp://192.168.0.24:10000/../../../../../../../private/etc/passwd The ftp server doesn't bother authenticating users, any username/password combination will allow you in. Larry W. Cashdollar @_larry0 http://vapid.dhs.org/advisories/python_for_ipad.html http://seclists.org/fulldisclosure/2012/Sep/199 [ CONTENT OF TYPE text/html SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ