From: Charles Chear (prestoTPGN.NET)
Date: Fri Feb 02 2001 - 12:57:34 CST

    Vendor: Netscape
    Product: Enterprise Server 3.5.1 (and others?)
    Specifics: Netscape Web Publisher

    Vulnerability Briefing: A very wide problem with ACL settings and default
    settings with Netscape Enterprise Server (Publisher).

    Description:
    With the default installation of Netscape Enterprise Server 3.5.1 (and
    others possibly), a Java-based package called the "Netscape Web Publisher"
    is included. This program is web-based and is also linked on the default
    index which comes with Enterprise Server.

    After running an extensive search of the default index content, I have
    found various sites running Publisher, with a poor application
    of the ACL (Access Control Lists) options of Enterprise Server (about 90%
    of the sites).

    Actions that an intruder could perform would be searching the web index
    content, listing the web root directory, and viewing/downloading
    "non-public" files in the web root.

    Here are descriptors which provide criteria for what should be
    considered vulnerable:

    -The default Enterprise Server index is public
    -http://www.poorperms.null/publisher is publicly available
    -Proper and more secure ACL selections

    The third descriptor is quite an important one. With Enterprise Server, I
    believe that you have the option of picking USER/PASS authentication vs.
    certificate-based authentication. Many of these sites pick the latter,
    certificate authentication. An intruder could simply use a proxy and/or
    use other cloaking techniques, accept the certificate, and continue on to
    use the Publisher.

    *Solution*
    The solution is a shared one, where both Netscape and the
    customer/administrator could take part to provide solutions to this
    ongoing problem.

    Fixes:
    -Remove the default index and any default programs you do not use (such as
    Publisher, and Publisher Search)
    -If Publisher must be used, USER/PASS methods are highly recommended
    rather than certificates
    -Use the ACL settings more efficiently (directory perms, etc.)

    For more information on how to take control of ACL options, refer to the
    help directory which comes with Enterprise Server, or visit the vendor's
    website at http://www.netscape.com.

    Adios,
     Charles Chear

    -=-
    -----------------------------------------------
    - [Homepage]: http://www.tpgn.net/~presto/
    - "You're more cornea than a retina."
    - "I'm not square cause I wreck when I tangle."
    -----------------------------------------------
    -=-