Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Adam Laurie (adamALGROUP.CO.UK)
Date: Wed Apr 18 2001 - 09:01:15 CDT
at the time of writing, 5.0p2 is the currently available revision on
iplanet's download site.
the standard install of iPlanet Calendar server stores the NAS LDAP
admin username and password in plaintext in the world readable file:
-rw-r--r-- 1 icsuser icsgroup 37882 Feb 20 10:18
in the fields
this potentially gives all local users full read/write access to the
underlying NAS LDAP database (which is normally used for admin
facilities such as storing user / group profiles, passwords, ACLs, SSL
certificates and/or other sensitive company information), and full
administrative control of the local NAS server. this access could in
turn lead to compromise of other facilities such as web/e-commerce
sites, directories etc.
i believe that the default install of the underlying NAS LDAP server and
associated administration packages allow remote admin via tcp/ip, so
other remote compromises that allow reading of world readable files (or
any other disclosures of the above file contents) could lead to full
remote read/write access of the NAS LDAP database and full remote
administrative control of the server.
this was reported to iplanet at the end of february 2001, who requested
i submit it to netscape's online bug-tracking system which i did on 3rd
march. i have heard nothing from them since. i have not personally
investigated or tested any fix for this.
-- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 Voysey House http://www.thebunker.net Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adamalgroup.co.uk UNITED KINGDOM PGP key on keyservers