[10647] in bugtraq
Infosec.19990526.compaq-im.a
daemon@ATHENA.MIT.EDU (gabriel.sandberg@INFOSEC.SE)
Wed May 26 14:52:57 1999
Message-Id: <4125677D.0056351A.00@mailgw.backupcentralen.se>
Date: Wed, 26 May 1999 16:41:36 +0100
Reply-To: gabriel.sandberg@INFOSEC.SE
From: gabriel.sandberg@INFOSEC.SE
To: BUGTRAQ@NETSPACE.ORG
Infosec Security Vulnerability Report
No: Infosec.19990526.compaq-im.a
=====================================
Vulnerability Summary
---------------------
Problem:  The web server included in Compaq Insight
          Manager could expose sensitive information.
Threat:   Anyone who has access to port 2301 where
          Compaq Insight Manager is installed could get
          unrestricted access to the server's disk through
          the "root dot dot" bug.
Platform: Detected on Windows NT and Novell Netware servers
          running on Compaq hardware.
Solution: Disable the Compaq Insight Manager web server or
          restrict anonymous access.
Vulnerability Description
-------------------------
When Compaq Insight Manager is installed, a web server is installed with it.
This web server runs on port 2301 and is vulnerable to the old "root dot dot"
bug. This bug gives unrestricted access to the vulnerable server's disk. It
could easily be exploited with one of the URLs:
http://vulnerable-NT.com:2301/../../../winnt/repair/sam._
http://vulnerable-Netware.com:2301/../../../system/ldremote.ncf
(How many dots there should be is install-dependent)
Solution
--------
You could probably fix the problem by restricting anonymous access to the Compaq
Insight Manager web server. If you are not using the web server, Infosec
recommends disabling the service.
Background
----------
Infosec gives the credits to Master Dogen, who first reported the problem
(Windows NT and Compaq Insight Manager) to us and wanted us to go public with a
vulnerability report.
Infosec has found that Novell Netware with Compaq Insight Manager has the same
problem, but it is not as common as on Windows NT.
Compaq Sweden was informed about this problem on April 26, 1999.
//Gabriel Sandberg, Infosec
gabriel.sandberg@infosec.se
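
The "root dot dot" bug in the report above comes from mapping a request path onto the disk without checking that the result stays under the web root. The following is an added example, not code from the advisory or from Compaq, showing that unchecked mapping beside a checked one. The document root, the function names and the sample requests other than the two advisory paths are assumptions, and the check goes beyond the advisory by also treating percent-encoded dots and backslashes as traversal.

```python
import posixpath
from urllib.parse import unquote

DOCROOT = "/srv/webroot"  # assumed document root; the advisory does not name one


def naive_resolve(url_path, docroot=DOCROOT):
    """Unchecked mapping: the request path is appended to the root as-is."""
    return posixpath.normpath(docroot + "/" + url_path)


def safe_resolve(url_path, docroot=DOCROOT):
    """Return the path under docroot, or None if the request would leave it."""
    # Decode once, then treat backslashes like forward slashes (NT-style paths).
    decoded = unquote(url_path).replace("\\", "/")
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(docroot)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # After normalisation the result must be the root itself or lie below it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # First two paths are the ones quoted in the advisory; the rest are constructed.
    samples = [
        "/../../../winnt/repair/sam._",
        "/../../../system/ldremote.ncf",
        "/%2e%2e/%2e%2e/system/ldremote.ncf",
        "/..\\..\\winnt\\repair\\sam._",
        "/docs/../index.htm",
    ]
    for path in samples:
        print(f"{path!r:45} naive={naive_resolve(path)!r} safe={safe_resolve(path)!r}")
```

Run against a server's own request log, `safe_resolve` returning `None` also serves as a simple flag for requests worth reviewing on port 2301.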