Re: Fw: [NTSEC] Netscape Server Security Hole

From: John Sweeney (quantiumat_private)
Date: Mon Aug 17 1998 - 11:00:41 PDT

Next message: De_Paddy: "Real Audio Server Version 5 bug?"

Previous message: Roger Books: "specifics on cisco DOS?"
Maybe in reply to: jon: "Fw: [NTSEC] Netscape Server Security Hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just turn off direcory indexing on the affected servers.

then you just get a "Server Error" message

John Sweeney
Network Professionals, Inc.


-----Original Message-----
From: jon <realizeat_private>
To: BUGTRAQat_private <BUGTRAQat_private>
Date: Monday, August 17, 1998 1:03 PM
Subject: Fw: [NTSEC] Netscape Server Security Hole


>FWD from ntsecurity. See ntsecurity archive for original postings:
>[begin]
>I am running Web servers using three different servers, Netscape Enterprise
>2.0 on Solaris 2.5.1,  Apache 1.2b11 on BSDI 3.0 and Netscape Enterprise
>3.5.1 on NT 4.0 Server w/128-bit SP3.   In testing these for the
>/?PageServices query, only the Netscape Enterprise 3.5.1 server running on
>NT [This is not limited to NT. See below, last post...]produce a directory
>listing of the docs root.
>
>
>The Page Services function is a menu item under View in Netscape Navigator
>4.xx and Communicator.  All one has to do is load up a Web page, go to View
>on the menu bar and see it Page Services is activated.  If it is, select it
>and you'll get back a directory listing of the Web server docs root.  If
>there are subdirectories in this root, you can see a listing of all the
>files in these as well.
>
>I have yet to look at Netscape's site for any news about this problem, but
>for now I have turned off the Web server using Enterprise 3.5.1.
>
>>Date: Thu, 13 Aug 1998 23:01:04 +1000
>>From: "Simon Johnson" <simon.johnsonat_private>
>>Subject: Re: [NTSEC] Netscape Server Security Hole?
>>
>>TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomoat_private
>>Contact ntsecurity-ownerat_private for help with any problems!
>>- ------------------------------------------------------------------------
-
>--
>>
>>Hello,
>>
>>In relation to the /?PageServices query, I think its a misconfiguration of
>>the Web server.  I have just finished testing 10 different Web servers for
>>this query. The following servers were not vulnerable:
>>
>>Netscape Enterprise 2.01
>>Netscape Commerce 1.12
>>Oracle Web Listener 4.0.6.2.0 Enterprise Edition
>>Apache 1.2.1.
>>Apache 1.2.5.
>>Apache/1.3.1 (Unix) mod_perl/1.15
>>Apache/1.2.6
>>Domino Go Webserver 4.6
>>
>>The Web servers mentioned in Tim Ehrhart's original message are running
the
>>following:
>>
>>Netscape Enterprise 2.01 - www.symantec.com
>>Netscape Enterprise 3.5.1 - redirect.cnet.com
>>
>>However I did find that two servers that produced a "Server Error"
message.
>>They were:
>>
>>Netscape Enterprise 3.5.1C
>>Netscape Enterprise 3.5 For NetWare
>>
>>I have not tested these two servers to see why they crashed. Nor am I
>>planning to.
>>
>>:-)
>>
>>Best regards,
>>
>>Simon Johnson
>>Technical Director
>>Shake Communications
>>Experts in Internet and Information Security
>>http://www.shake.net
>>
>>------------------------------
>
>-----Original Message-----
>From: Matthew Patton <pattonat_private>
>To: ntsecurityat_private <ntsecurityat_private>
>Date: Saturday, August 15, 1998 8:48 PM
>Subject: Re: [NTSEC] Netscape Server Security Hole
>
>
>:
>:TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomoat_private
>:Contact ntsecurity-ownerat_private for help with any problems!
>:--------------------------------------------------------------------------
-
>:
>:>/?PageServices query, only the Netscape Enterprise 3.5.1 server running
on
>:>NT produce a directory listing of the docs root.
>:
>:It's potentially WAY worse than that folks. On a wild guess I hit a
certain
>:miltary related think tank's website. They run Enterprise 3.5.1 on
Solaris.
>:(Netcraft is quite obliging with a list of other sites that run the same
>:version...)
>:
>:What I found was absolutely incredible! The moron who set the site up
>:didn't separate the webcontent from the server configuration. So here I am
>:grabbing his user and administrative password files, the works. What a
>:flaming looser.
>:
>:Yes, he's been notified. Thankfully, of the handful of 3.5.1's I've hit
>:most of them just give up a directory listing of the webroot and that's
it.
>:
>:This PageServices thing should be a BugTraq item if it isn't already. It's
>:not limited to just the NT versions.
>:
>:--------
>:"You need only reflect that one of the best ways to get yourself a
>: reputation as a dangerous citizen these days is to go around repeating
>: the very phrases which our founding fathers used in their struggle for
>: independence,"  - Charles A. Beard (American historian)
>:
>[end]
>

Next message: De_Paddy: "Real Audio Server Version 5 bug?"
Previous message: Roger Books: "specifics on cisco DOS?"
Maybe in reply to: jon: "Fw: [NTSEC] Netscape Server Security Hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:12:53 PDT