[602] in Enterprise Print Delivery Team

remote-access vulnerability on e19infoprint, hosehead,

daemon@ATHENA.MIT.EDU (Matthew H Power)
Mon Oct 23 08:19:03 2000

Resent-From: David F Lambert <LAMBERT@MITVMA.MIT.Edu>
Resent-To: Enterprise Printing Delivery Project Team <printdel@MIT.EDU>
X-Resent-From:  David F Lambert <LAMBERT@MITVMA.MIT.Edu>
X-Resent-To:    ASST <asst@mit.edu>,
              Tom Dalton <tdalton@mit.edu>
Message-Id:  <20001020151350.70441.qmail@customer-care.infrastructure.org>
Date:         Fri, 20 Oct 2000 11:13:50 -0400
Reply-To: net-security@MIT.EDU
From: Matthew H Power <mhpower@MIT.EDU>
To: DOST@MITVMA.MIT.EDU



----------------------------Original message----------------------------
Hi Jody,

Would you please follow up on the e19infoprint server?  I know hosehead
belongs to DOST.  So, we'll handle that one.  I can't recall who owns
kingkong.

Tom, would you please follow up on hosehead & kingkong?

-Dave

----------------------------Original message----------------------------
-----BEGIN PGP SIGNED MESSAGE-----

e19infoprint.mit.edu, hosehead.mit.edu, and kingkong.mit.edu
(18.142.1.192, 18.92.0.217, and 18.92.0.72) are vulnerable to the "Web
Server Folder Traversal" issue described at

  http://www.microsoft.com/technet/security/bulletin/MS00-078.asp

This apparently allows an intruder from anywhere on the Internet to
execute arbitrary commands on this system. For example, the intruder
would be able to use e19infoprint.mit.edu as the origin point of break-in
attempts or denial-of-service attacks directed against other Internet
sites. The potential effects of the intruder's actions on the local
system would be limited by local security measures and file
permissions, since the vulnerability does not result in the intruder
gaining administrator privileges directly. As an example, the Network
Security team executed the command "dir c:\" on e19infoprint.mit.edu,
and the output began with

  Volume in drive C has no label.
  Volume Serial Number is 07D0-0801

   Directory of c:\

  08/01/00  07:07p                    11 AUTOEXEC.BAT
  08/01/00  06:53p        <DIR>          BACKUP
  08/01/00  06:53p        <DIR>          DELL
  ...

Similarly on hosehead.mit.edu:

  Volume in drive C is NTWORKDRIVE
  Volume Serial Number is 07CE-0310

   Directory of c:\

  04/24/98  08:06a        <DIR>          WIN32APP
  06/05/98  07:17a                    97 AUTOEXEC.BAT
  03/16/98  02:46p        <DIR>          BACKUP
  ...

And on kingkong.mit.edu:

  Volume in drive C has no label.
  Volume Serial Number is 240E-392A

   Directory of c:\

  10/18/00  05:30p        <DIR>          Aperture
  04/13/00  12:12a                     0 AUTOEXEC.BAT
  04/13/00  12:12a                     0 CONFIG.SYS
  ...

To fix the vulnerability, refer to the "Patch Availability" section of
the www.microsoft.com web page mentioned above. Please let us know
(via e-mail to net-security@mit.edu) when you have completed the
applicable patch installation.

Matt Power
Network Security team, MIT Information Systems

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----
