© 2000 Roxen Internet Software. Suggestions, comments or complaints: download@roxen.com
Security Notice

Unfortunately, a severe security problem has been discovered in Roxen 2.x. All users are recommended to upgrade.

Exploit description

Any file readable by the webserver can be fetched.

Affected systems

Roxen WebServer/Platform 2.0.92 or earlier and Roxen WebServer/Platform 2.1.264 or earlier with any of the following modules are affected:

Roxen Platform servers with the default set of modules should be unaffected since Platform normally uses a special file system module.

Solution

Apply a patch which does URL simplification after decoding. Patches for Roxen 2.0 and 2.1 are available for download at download.roxen.com. Execute the following in the roxen/server/ directory:

    gzip -d -c [diff file] | patch -p0

Roxen 2.2 users are recommended to do a cvs update. It is recommended to upgrade even if the required modules are not loaded. New distributions for Roxen 2.1 will be released shortly.

Credits

Problem reported by David Hedbor
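
Why the order named in the Solution matters, as an added Python illustration (not Roxen's code and not the contents of the patch). It assumes the unpatched order was simplification before decoding, which the notice implies but does not state; all function names, the document root and the sample path are constructed for this example.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample request path with percent-encoded dot segments.
SAMPLE = "/docs/%2e%2e/%2e%2e/secret.txt"


def simplify(path: str) -> str:
    """Collapse '.', '..' and repeated slashes; never climb above '/'."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def resolve_simplify_then_decode(url_path: str) -> str:
    """Assumed unpatched order: encoded segments pass simplify() untouched."""
    return unquote(simplify(url_path))


def resolve_decode_then_simplify(url_path: str) -> str:
    """Order the notice calls for: decode once, then simplify."""
    return simplify(unquote(url_path))


def stays_in_root(resolved: str) -> bool:
    """True when no '..' segment survives in the resolved path."""
    return ".." not in resolved.split("/")


def map_to_file(docroot: str, url_path: str) -> str:
    """Decode, simplify, join to docroot, then re-check containment."""
    rel = resolve_decode_then_simplify(url_path).lstrip("/")
    resolved = posixpath.join(docroot, rel)
    if posixpath.commonpath([docroot, resolved]) != docroot:
        raise ValueError("path escapes document root")
    return resolved


if __name__ == "__main__":
    for fn in (resolve_simplify_then_decode, resolve_decode_then_simplify):
        result = fn(SAMPLE)
        print(f"{fn.__name__}: {result} in_root={stays_in_root(result)}")
```

The decoder runs exactly once, so a doubly encoded segment comes out as a literal file name rather than a parent-directory reference.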