[7687] in bugtraq
Fw: [NTSEC] Netscape Server Security Hole
daemon@ATHENA.MIT.EDU (jon)
Mon Aug 17 13:01:51 1998
Date: Sun, 16 Aug 1998 18:38:41 -0700
Reply-To: jon <realize@TELEPORT.COM>
From: jon <realize@TELEPORT.COM>
To: BUGTRAQ@NETSPACE.ORG
FWD from ntsecurity. See ntsecurity archive for original postings:
[begin]
I am running Web servers using three different servers, Netscape Enterprise
2.0 on Solaris 2.5.1, Apache 1.2b11 on BSDI 3.0 and Netscape Enterprise
3.5.1 on NT 4.0 Server w/128-bit SP3. In testing these for the
/?PageServices query, only the Netscape Enterprise 3.5.1 server running on
NT [This is not limited to NT. See below, last post...]produce a directory
listing of the docs root.
The Page Services function is a menu item under View in Netscape Navigator
4.xx and Communicator. All one has to do is load up a Web page, go to View
on the menu bar and see it Page Services is activated. If it is, select it
and you'll get back a directory listing of the Web server docs root. If
there are subdirectories in this root, you can see a listing of all the
files in these as well.
I have yet to look at Netscape's site for any news about this problem, but
for now I have turned off the Web server using Enterprise 3.5.1.
>Date: Thu, 13 Aug 1998 23:01:04 +1000
>From: "Simon Johnson" <simon.johnson@shake.net>
>Subject: Re: [NTSEC] Netscape Server Security Hole?
>
>TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
>Contact ntsecurity-owner@iss.net for help with any problems!
>- -------------------------------------------------------------------------
--
>
>Hello,
>
>In relation to the /?PageServices query, I think its a misconfiguration of
>the Web server. I have just finished testing 10 different Web servers for
>this query. The following servers were not vulnerable:
>
>Netscape Enterprise 2.01
>Netscape Commerce 1.12
>Oracle Web Listener 4.0.6.2.0 Enterprise Edition
>Apache 1.2.1.
>Apache 1.2.5.
>Apache/1.3.1 (Unix) mod_perl/1.15
>Apache/1.2.6
>Domino Go Webserver 4.6
>
>The Web servers mentioned in Tim Ehrhart's original message are running the
>following:
>
>Netscape Enterprise 2.01 - www.symantec.com
>Netscape Enterprise 3.5.1 - redirect.cnet.com
>
>However I did find that two servers that produced a "Server Error" message.
>They were:
>
>Netscape Enterprise 3.5.1C
>Netscape Enterprise 3.5 For NetWare
>
>I have not tested these two servers to see why they crashed. Nor am I
>planning to.
>
>:-)
>
>Best regards,
>
>Simon Johnson
>Technical Director
>Shake Communications
>Experts in Internet and Information Security
>http://www.shake.net
>
>------------------------------
-----Original Message-----
From: Matthew Patton <patton@sysnet.net>
To: ntsecurity@iss.net <ntsecurity@iss.net>
Date: Saturday, August 15, 1998 8:48 PM
Subject: Re: [NTSEC] Netscape Server Security Hole
:
:TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
:Contact ntsecurity-owner@iss.net for help with any problems!
:---------------------------------------------------------------------------
:
:>/?PageServices query, only the Netscape Enterprise 3.5.1 server running on
:>NT produce a directory listing of the docs root.
:
:It's potentially WAY worse than that folks. On a wild guess I hit a certain
:miltary related think tank's website. They run Enterprise 3.5.1 on Solaris.
:(Netcraft is quite obliging with a list of other sites that run the same
:version...)
:
:What I found was absolutely incredible! The moron who set the site up
:didn't separate the webcontent from the server configuration. So here I am
:grabbing his user and administrative password files, the works. What a
:flaming looser.
:
:Yes, he's been notified. Thankfully, of the handful of 3.5.1's I've hit
:most of them just give up a directory listing of the webroot and that's it.
:
:This PageServices thing should be a BugTraq item if it isn't already. It's
:not limited to just the NT versions.
:
:--------
:"You need only reflect that one of the best ways to get yourself a
: reputation as a dangerous citizen these days is to go around repeating
: the very phrases which our founding fathers used in their struggle for
: independence," - Charles A. Beard (American historian)
:
[end]
