-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

*/This is a bug in the Mrtg web frontend 14all.cgi. You may find the revised security announcement below/*

Mrtg/RRD 14all.cgi Path Disclosure Vulnerability

Type:
Input Validation Error

Release Date:
February 4, 2002

Product / Vendor:
14all.cgi is a CGI script to create HTML pages and graphics for Mrtg.

http://www.uni-ulm.de/~rbawidam/mrtg-rrd/

Summary:
If an attacker submits a web request containing unexpected arguments for script variables, the script displays an error message that contains the path to the webroot directory of the server running the Mrtg/RRD 14all.cgi script.

http://host/mrtg.cgi?cfg=blabla

Tested:
Mrtg/RRD 14all.cgi v1.1p15

Vulnerable:
Mrtg/RRD 14all.cgi v1.1p15
Other versions may also be affected.

Demonstration:
http://barnes.bloomu.edu/cgi-bin/mrtg.cgi?cfg=blabla

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net

PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPF7KLLuLpFMrXtywEQItPwCgzGvt7T7ItvgeJ0UJFEYooKTuDzAAni6w
9nucGLm3nrZa/pKhR+KgRlY1
=GAn1
-----END PGP SIGNATURE-----
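
One way a CGI front end can handle the cfg argument so that a request such as ?cfg=blabla receives a generic error while the path detail goes only to the server log. This is an added example, not code from 14all.cgi or from the advisory; the ".cfg" naming rule, the function names and the sample router.cfg file are assumptions.

```python
import logging
import os
import re
import tempfile
from urllib.parse import parse_qs

log = logging.getLogger("mrtg_frontend")  # details go here, not to the client

# Assumption: config names are plain file names such as "router.cfg".
CFG_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.cfg")
GENERIC_ERROR = "Unknown or missing configuration."


def resolve_cfg(name, cfg_dir):
    """Return the full path for an allowed config name, or None."""
    if not name or not CFG_NAME.fullmatch(name):
        return None
    # Allow-list: the name must be a regular file directly inside cfg_dir.
    if name not in os.listdir(cfg_dir):
        return None
    path = os.path.join(cfg_dir, name)
    return path if os.path.isfile(path) else None


def handle_request(query_string, cfg_dir):
    """Return (status, body); the body never contains server-side paths."""
    name = parse_qs(query_string).get("cfg", [""])[0]
    path = resolve_cfg(name, cfg_dir)
    if path is None:
        # Full detail stays in the server log for the operator.
        log.warning("rejected cfg=%r (config dir %s)", name, cfg_dir)
        return 400, GENERIC_ERROR
    try:
        with open(path, encoding="utf-8") as fh:
            fh.read()  # stand-in for the real page rendering
    except OSError as exc:
        log.error("cannot read %s: %s", path, exc)
        return 500, GENERIC_ERROR
    return 200, "Graphs for " + name


def demo():
    """Run the advisory's request against a constructed config directory."""
    with tempfile.TemporaryDirectory() as cfg_dir:
        with open(os.path.join(cfg_dir, "router.cfg"), "w") as fh:
            fh.write("# constructed sample config\n")
        bad = handle_request("cfg=blabla", cfg_dir)
        good = handle_request("cfg=router.cfg", cfg_dir)
        return bad, good, cfg_dir in bad[1]
```

demo() returns the response for the advisory's request, the response for a valid name, and whether the rejected response leaked the directory path.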