FWD from ntsecurity. See ntsecurity archive for original postings: [begin] I am running Web servers using three different servers, Netscape Enterprise 2.0 on Solaris 2.5.1, Apache 1.2b11 on BSDI 3.0 and Netscape Enterprise 3.5.1 on NT 4.0 Server w/128-bit SP3. In testing these for the /?PageServices query, only the Netscape Enterprise 3.5.1 server running on NT [This is not limited to NT. See below, last post...]produce a directory listing of the docs root. The Page Services function is a menu item under View in Netscape Navigator 4.xx and Communicator. All one has to do is load up a Web page, go to View on the menu bar and see it Page Services is activated. If it is, select it and you'll get back a directory listing of the Web server docs root. If there are subdirectories in this root, you can see a listing of all the files in these as well. I have yet to look at Netscape's site for any news about this problem, but for now I have turned off the Web server using Enterprise 3.5.1. >Date: Thu, 13 Aug 1998 23:01:04 +1000 >From: "Simon Johnson" <simon.johnsonat_private> >Subject: Re: [NTSEC] Netscape Server Security Hole? > >TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomoat_private >Contact ntsecurity-ownerat_private for help with any problems! >- ------------------------------------------------------------------------- -- > >Hello, > >In relation to the /?PageServices query, I think its a misconfiguration of >the Web server. I have just finished testing 10 different Web servers for >this query. The following servers were not vulnerable: > >Netscape Enterprise 2.01 >Netscape Commerce 1.12 >Oracle Web Listener 4.0.6.2.0 Enterprise Edition >Apache 1.2.1. >Apache 1.2.5. >Apache/1.3.1 (Unix) mod_perl/1.15 >Apache/1.2.6 >Domino Go Webserver 4.6 > >The Web servers mentioned in Tim Ehrhart's original message are running the >following: > >Netscape Enterprise 2.01 - www.symantec.com >Netscape Enterprise 3.5.1 - redirect.cnet.com > >However I did find that two servers that produced a "Server Error" message. >They were: > >Netscape Enterprise 3.5.1C >Netscape Enterprise 3.5 For NetWare > >I have not tested these two servers to see why they crashed. Nor am I >planning to. > >:-) > >Best regards, > >Simon Johnson >Technical Director >Shake Communications >Experts in Internet and Information Security >http://www.shake.net > >------------------------------ -----Original Message----- From: Matthew Patton <pattonat_private> To: ntsecurityat_private <ntsecurityat_private> Date: Saturday, August 15, 1998 8:48 PM Subject: Re: [NTSEC] Netscape Server Security Hole : :TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomoat_private :Contact ntsecurity-ownerat_private for help with any problems! :--------------------------------------------------------------------------- : :>/?PageServices query, only the Netscape Enterprise 3.5.1 server running on :>NT produce a directory listing of the docs root. : :It's potentially WAY worse than that folks. On a wild guess I hit a certain :miltary related think tank's website. They run Enterprise 3.5.1 on Solaris. :(Netcraft is quite obliging with a list of other sites that run the same :version...) : :What I found was absolutely incredible! The moron who set the site up :didn't separate the webcontent from the server configuration. So here I am :grabbing his user and administrative password files, the works. What a :flaming looser. : :Yes, he's been notified. Thankfully, of the handful of 3.5.1's I've hit :most of them just give up a directory listing of the webroot and that's it. : :This PageServices thing should be a BugTraq item if it isn't already. It's :not limited to just the NT versions. : :-------- :"You need only reflect that one of the best ways to get yourself a : reputation as a dangerous citizen these days is to go around repeating : the very phrases which our founding fathers used in their struggle for : independence," - Charles A. Beard (American historian) : [end]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:51 PDT