[7692] in bugtraq
Re: Fw: [NTSEC] Netscape Server Security Hole
daemon@ATHENA.MIT.EDU (John Sweeney)
Mon Aug 17 14:14:58 1998
Date: Mon, 17 Aug 1998 14:00:41 -0400
Reply-To: John Sweeney <quantium@SE.MEDIAONE.NET>
From: John Sweeney <quantium@SE.MEDIAONE.NET>
X-To: jon <realize@TELEPORT.COM>
To: BUGTRAQ@NETSPACE.ORG
Just turn off direcory indexing on the affected servers.
then you just get a "Server Error" message
John Sweeney
Network Professionals, Inc.
-----Original Message-----
From: jon <realize@TELEPORT.COM>
To: BUGTRAQ@netspace.org <BUGTRAQ@netspace.org>
Date: Monday, August 17, 1998 1:03 PM
Subject: Fw: [NTSEC] Netscape Server Security Hole
>FWD from ntsecurity. See ntsecurity archive for original postings:
>[begin]
>I am running Web servers using three different servers, Netscape Enterprise
>2.0 on Solaris 2.5.1, Apache 1.2b11 on BSDI 3.0 and Netscape Enterprise
>3.5.1 on NT 4.0 Server w/128-bit SP3. In testing these for the
>/?PageServices query, only the Netscape Enterprise 3.5.1 server running on
>NT [This is not limited to NT. See below, last post...]produce a directory
>listing of the docs root.
>
>
>The Page Services function is a menu item under View in Netscape Navigator
>4.xx and Communicator. All one has to do is load up a Web page, go to View
>on the menu bar and see it Page Services is activated. If it is, select it
>and you'll get back a directory listing of the Web server docs root. If
>there are subdirectories in this root, you can see a listing of all the
>files in these as well.
>
>I have yet to look at Netscape's site for any news about this problem, but
>for now I have turned off the Web server using Enterprise 3.5.1.
>
>>Date: Thu, 13 Aug 1998 23:01:04 +1000
>>From: "Simon Johnson" <simon.johnson@shake.net>
>>Subject: Re: [NTSEC] Netscape Server Security Hole?
>>
>>TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
>>Contact ntsecurity-owner@iss.net for help with any problems!
>>- ------------------------------------------------------------------------
-
>--
>>
>>Hello,
>>
>>In relation to the /?PageServices query, I think its a misconfiguration of
>>the Web server. I have just finished testing 10 different Web servers for
>>this query. The following servers were not vulnerable:
>>
>>Netscape Enterprise 2.01
>>Netscape Commerce 1.12
>>Oracle Web Listener 4.0.6.2.0 Enterprise Edition
>>Apache 1.2.1.
>>Apache 1.2.5.
>>Apache/1.3.1 (Unix) mod_perl/1.15
>>Apache/1.2.6
>>Domino Go Webserver 4.6
>>
>>The Web servers mentioned in Tim Ehrhart's original message are running
the
>>following:
>>
>>Netscape Enterprise 2.01 - www.symantec.com
>>Netscape Enterprise 3.5.1 - redirect.cnet.com
>>
>>However I did find that two servers that produced a "Server Error"
message.
>>They were:
>>
>>Netscape Enterprise 3.5.1C
>>Netscape Enterprise 3.5 For NetWare
>>
>>I have not tested these two servers to see why they crashed. Nor am I
>>planning to.
>>
>>:-)
>>
>>Best regards,
>>
>>Simon Johnson
>>Technical Director
>>Shake Communications
>>Experts in Internet and Information Security
>>http://www.shake.net
>>
>>------------------------------
>
>-----Original Message-----
>From: Matthew Patton <patton@sysnet.net>
>To: ntsecurity@iss.net <ntsecurity@iss.net>
>Date: Saturday, August 15, 1998 8:48 PM
>Subject: Re: [NTSEC] Netscape Server Security Hole
>
>
>:
>:TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
>:Contact ntsecurity-owner@iss.net for help with any problems!
>:--------------------------------------------------------------------------
-
>:
>:>/?PageServices query, only the Netscape Enterprise 3.5.1 server running
on
>:>NT produce a directory listing of the docs root.
>:
>:It's potentially WAY worse than that folks. On a wild guess I hit a
certain
>:miltary related think tank's website. They run Enterprise 3.5.1 on
Solaris.
>:(Netcraft is quite obliging with a list of other sites that run the same
>:version...)
>:
>:What I found was absolutely incredible! The moron who set the site up
>:didn't separate the webcontent from the server configuration. So here I am
>:grabbing his user and administrative password files, the works. What a
>:flaming looser.
>:
>:Yes, he's been notified. Thankfully, of the handful of 3.5.1's I've hit
>:most of them just give up a directory listing of the webroot and that's
it.
>:
>:This PageServices thing should be a BugTraq item if it isn't already. It's
>:not limited to just the NT versions.
>:
>:--------
>:"You need only reflect that one of the best ways to get yourself a
>: reputation as a dangerous citizen these days is to go around repeating
>: the very phrases which our founding fathers used in their struggle for
>: independence," - Charles A. Beard (American historian)
>:
>[end]
>
