[22751] in bugtraq
[SNS Advisory No.43] PGP Keyserver Permissions Misconfiguration
daemon@ATHENA.MIT.EDU (snsadv@lac.co.jp)
Fri Sep 28 11:44:57 2001
Date: Fri, 28 Sep 2001 18:26:33 +0900
From: "snsadv@lac.co.jp" <snsadv@lac.co.jp>
To: bugtraq@securityfocus.com
Message-Id: <20010928182538.CFEF.SNSADV@lac.co.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
----------------------------------------------------------------------
SNS Advisory No.43
PGP Keyserver Permissions Misconfiguration
Problem first discovered: Fri, 3 Aug 2001
Published: Fri, 28 Sep 2001
----------------------------------------------------------------------
Overview:
---------
PGP Keyserver, distributed by Network Associates, contains a vulnerability
that allows attackers to access administrative web interface without
authentication.
Problem Description:
--------------------
PGP Keyserver, distributed by Network Associates, is configured using
administrative web interface. It is necessary to authenticate username
and password in order to access the administrative web interface.
However, PGP Keyserver has a vulnerability that allows unauthorized users
to change settings. Normally, changes of configuration via authentication
occur in the following URL:
http://server.name/keyserver/cgi-bin/console.exe?page_size=...
http://server.name/keyserver/cgi-bin/cs.exe?action=...
PGP Keyserver allows attackers to perform administrative tasks without
authentication by using the following URL:
http://server.name/cgi-bin/console.exe?page_size=...
http://server.name/cgi-bin/cs.exe?action=...
Tested Version:
---------------
PGP Keyserver 7.0 for Windows NT
Tested on:
----------
Windows 2000 Server + SP2 [English]
Solution:
---------
A solution for this security issue in PGP Keyserver 7.0 is available at:
http://www.pgp.com/support/product-advisories/keyserver.asp
Discovered by:
--------------
Nobuo Miwa (LAC / snsadv@lac.co.jp)
Disclaimer:
-----------
All information in these advisories are subject to change without any
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.
References
----------
Archive of this advisory(in preparation now):
http://www.lac.co.jp/security/english/snsadv_e/43_e.html
------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
