[18977] in bugtraq


Netscape E.S. Web Publisher ACL Vulnerabilities

daemon@ATHENA.MIT.EDU (Charles Chear)
Fri Feb 2 21:19:03 2001

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.30.0102021356270.7381-100000@beef.tpgn.net>
Date:         Fri, 2 Feb 2001 13:57:34 -0500
Reply-To: Charles Chear <presto@TPGN.NET>
From: Charles Chear <presto@TPGN.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Vendor: Netscape
Product: Enterprise Server 3.5.1 (and others?)
Specifics: Netscape Web Publisher

Vulnerability Briefing: A very wide problem with ACL settings and default
settings with Netscape Enterprise Server (Publisher).

Description:
With the default installation of Netscape Enterprise Server 3.5.1 (and
possibly others), a Java-based package called the "Netscape Web Publisher"
is included. This program is web-based and is also linked from the default
index which comes with Enterprise Server.

After running an extensive search of the default index content, I have
found various sites running Publisher, with a poor application
of the ACL (Access Control Lists) options of Enterprise Server (about 90%
of the sites).

An intruder could search the web index content, list the web root
directory, and view or download "non-public" files in the web root.

Here are the criteria for what should be considered vulnerable:

-The default Enterprise Server index is public
-http://www.poorperms.null/publisher is publicly available
-Proper and more secure ACL selections

The third descriptor is quite important. With Enterprise Server, I
believe that you have the option of picking USER/PASS authentication vs.
certificate-based authentication. Many of these sites pick the latter,
certificate authentication. An intruder could simply use a proxy and/or
use other cloaking techniques, accept the certificate, and continue on to
use the Publisher.

*Solution*
The solution is a shared one: both Netscape and the
customer/administrator can take part in addressing this ongoing
problem.

Fixes:
-Remove the default index and any default programs you do not use (such as
Publisher, and Publisher Search)
-If Publisher must be used, USER/PASS methods are highly recommended
rather than certificates
-Use the ACL settings more efficiently (directory perms, etc.)

For more information on how to take control of ACL options, refer to the
help directory which comes with Enterprise Server, or visit the vendor's
website at http://www.netscape.com.


Adios,
 Charles Chear

-=-
-----------------------------------------------
- [Homepage]: http://www.tpgn.net/~presto/
- "You're more cornea than a retina."
- "I'm not square cause I wreck when I tangle."
-----------------------------------------------
-=-
