From: Adam Laurie (adamALGROUP.CO.UK)
Date: Wed Apr 18 2001 - 09:01:15 CDT

    at the time of writing, 5.0p2 is the currently available revision on
    iplanet's download site.

    the problem:

    the standard install of iPlanet Calendar server stores the NAS LDAP
    admin username and password in plaintext in the world readable file:

    -rw-r--r-- 1 icsuser icsgroup 37882 Feb 20 10:18

    in the fields

      local.authldapbinddn (username)


      local.authldapbindcred (password)

    this potentially gives all local users full read/write access to the
    underlying NAS LDAP database (which is normally used for admin
    facilities such as storing user / group profiles, passwords, ACLs, SSL
    certificates and/or other sensitive company information), and full
    administrative control of the local NAS server. this access could in
    turn lead to compromise of other facilities such as web/e-commerce
    sites, directories etc.

    i believe that the default install of the underlying NAS LDAP server and
    associated administration packages allow remote admin via tcp/ip, so
    other remote compromises that allow reading of world readable files (or
    any other disclosures of the above file contents) could lead to full
    remote read/write access of the NAS LDAP database and full remote
    administrative control of the server.

    this was reported to iplanet at the end of february 2001, who requested
    i submit it to netscape's online bug-tracking system which i did on 3rd
    march. i have heard nothing from them since. i have not personally
    investigated or tested any fix for this.


    Adam Laurie                   Tel: +44 (20) 8742 0755
    A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
    Voysey House                  http://www.thebunker.net
    Barley Mow Passage            http://www.aldigital.co.uk
    London W4 4GB                 mailto:adamalgroup.co.uk
    UNITED KINGDOM                PGP key on keyservers
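
An audit check for the exposure described in the message above, added here as an example; it is not part of the original post or of any iPlanet tooling. The advisory does not show the file's path or syntax, so the path is a parameter and the `key = "value"` line format is an assumption, as is the owner-only 0600 mode used for comparison.

```python
import os
import re
import stat
import tempfile

# Field names as given in the advisory.
SENSITIVE_KEYS = ("local.authldapbinddn", "local.authldapbindcred")
# Assumption: settings are written one per line as key = "value".
LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.]+)\s*=\s*"?(.*?)"?\s*$')


def audit_config(path):
    """Report file mode and which bind-credential fields are set (never their values)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    keys = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            m = LINE_RE.match(line)
            if m and m.group(1) in SENSITIVE_KEYS and m.group(2):
                keys.append(m.group(1))
    return {
        "mode": f"{mode:04o}",
        "keys": keys,
        "world_readable": bool(keys) and bool(mode & stat.S_IROTH),
    }


def demo():
    """Audit a constructed sample file at 0644, then at owner-only 0600."""
    sample = (
        'local.authldapbinddn = "cn=constructed-admin"\n'
        'local.authldapbindcred = "constructed-placeholder"\n'
        'local.other.setting = "unrelated"\n'
    )
    fd, path = tempfile.mkstemp(suffix=".conf")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # the -rw-r--r-- mode from the advisory
        before = audit_config(path)
        os.chmod(path, 0o600)  # comparison mode, not a tested vendor fix
        after = audit_config(path)
    finally:
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    print(demo())
```
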