|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <NCBBKFKDOLAGKIAPMILPGEGKCEAA.luck@ussrback.com> Date: Fri, 26 May 2000 01:02:20 -0300 Reply-To: Luciano Martins <luck@USSRBACK.COM> From: Luciano Martins <luck@USSRBACK.COM> X-To: BUGTRAQ <bugtraq@securityfocus.com> To: BUGTRAQ@SECURITYFOCUS.COM In-Reply-To: <392DBFEA.7EDAAE9A@ussrback.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 well, hello first :), we have been researching McAfee WebShield SMTP v4.5.74.0 for a long time (since the middle of march), and by default only (localhost) can connect to port 9999. So this "Authentication issue in WebShield SMTP v4.5.44 Management", has no effect on the last version released the March 15, 2000. > II. Solution > ==================================================================== > ======== ==== > > Vendor Contacted: 8-May-2000 > > Currently there is no vendor patch available but there is the > following preventative measures: Of course, NAI did nothing because the problem is already fixed in latest version. u n d e r g r o u n d s e c u r i t y s y s t e m s r e s e a r c h http://www.ussrback.com Security Team wrote: > ==================================================================== > ======== ==== > Delphis Consulting Plc > ==================================================================== > ======== ==== > > Security Team Advisories > [08/05/2000] > > securityteam@delphisplc.com > > ==================================================================== > ======== ==== > Adv : DST2K0004b > Title : Authentication issue in WebShield SMTP v4.5.44 > Management Tool > Author : DCIST (securityteam@delphisplc.com) > O/S : Microsoft Windows NT v4.0 Server (SP6) > Product : NAI WebShield SMTP v4.0.5 > Date : 08/05/2000 (Updated 15/05/2000) > > I. Description > > II. Solution > > III. Disclaimer > ==================================================================== > ======== ==== > > I. Description > ==================================================================== > ======== ==== > > Delphis Consulting Internet Security Team (DCIST) discovered the > following vuln- > erability in the NAI Management Agent for WebShield SMTP under > Windows NT. > > Connecting to a machine which runs the management agent on port > 9999 may allow > an attacker to obtain read and write access to the configuration of > a WebShield > SMTP server. This appears to happen, even if the the MailCfg > service is set to > only allow configuration to take place from "localhost" in some > configurations. > > The configuration data appears written to the registry before the > service suffers from lack of bounds checking. This information > written to the registry > can be used to prevent the WebShield service from being started. > > Update: 15/05/2000 > > The configuration agent uses hostname for authentication, if the > server upon which the management agent is running is unable to > resolve a hostname to the IP address it will allow access by > default. > > II. Solution > ==================================================================== > ======== ==== > > Vendor Contacted: 8-May-2000 > > Currently there is no vendor patch available but the following are > preventative > measures Delphis Consulting Internet Security Team would advise > users running > this service to implement. > > o Don't allow the service to run as SYSTEM but as a restricted user > account. o Access list port 9999 on the local router or firewall to > restrict access to only required machines. > o Stop the management service. > > III. Disclaimer > ==================================================================== > ======== ==== > THE INFORMATION CONTAINED IN THIS ADVISORY IS BELIEVED TO BE > ACCURATE AT THE TIME OF PRINTING, BUT NO REPRESENTATION OR WARRANTY > IS GIVEN, EXPRESS OR IMPLIED, AS TO ITS ACCURACY OR COMPLETENESS. > NEITHER THE AUTHOR NOR THE PUBLISHER ACCEPTS ANY LIABILITY > WHATSOEVER FOR ANY DIRECT, INDIRECT OR CONSEQUENTIAL LOSS OR DAMAGE > ARISING IN ANY WAY FROM ANY USE OF, OR RELIANCE PLACED ON, THIS > INFORMATION FOR ANY PURPOSE. > ==================================================================== > ======== ==== -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com> iQA/AwUBOS33TK3JcbWNj6DDEQIvSQCff0TkimgvR2uzrPX0B8KWM5qOfZUAoIY4 50aMC/IqH9mcNPt8g1r7EQk4 =kegL -----END PGP SIGNATURE-----
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |