OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: snsadvlac.co.jp
Date: Fri Sep 28 2001 - 04:26:33 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ----------------------------------------------------------------------
    SNS Advisory No.43
    PGP Keyserver Permissions Misconfiguration

    Problem first discovered: Fri, 3 Aug 2001
    Published: Fri, 28 Sep 2001
    ----------------------------------------------------------------------

    Overview:
    ---------
     PGP Keyserver, distributed by Network Associates, contains a vulnerability
     that allows attackers to access administrative web interface without
     authentication.

    Problem Description:
    --------------------
     PGP Keyserver, distributed by Network Associates, is configured using
     administrative web interface. It is necessary to authenticate username
     and password in order to access the administrative web interface.

     However, PGP Keyserver has a vulnerability that allows unauthorized users
     to change settings. Normally, changes of configuration via authentication
     occur in the following URL:

        http://server.name/keyserver/cgi-bin/console.exe?page_size=...
        http://server.name/keyserver/cgi-bin/cs.exe?action=...

     PGP Keyserver allows attackers to perform administrative tasks without
     authentication by using the following URL:

        http://server.name/cgi-bin/console.exe?page_size=...
        http://server.name/cgi-bin/cs.exe?action=...

    Tested Version:
    ---------------
     PGP Keyserver 7.0 for Windows NT

    Tested on:
    ----------
     Windows 2000 Server + SP2 [English]

    Solution:
    ---------
     A solution for this security issue in PGP Keyserver 7.0 is available at:
     http://www.pgp.com/support/product-advisories/keyserver.asp

    Discovered by:
    --------------
     Nobuo Miwa (LAC / snsadvlac.co.jp)

    Disclaimer:
    -----------
     All information in these advisories are subject to change without any
     advanced notices neither mutual consensus, and each of them is released
     as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
     caused by applying those information.

    References
    ----------
     Archive of this advisory(in preparation now):
     http://www.lac.co.jp/security/english/snsadv_e/43_e.html

    ------------------------------------------------------------------
    Secure Net Service(SNS) Security Advisory <snsadvlac.co.jp>
    Computer Security Laboratory, LAC http://www.lac.co.jp/security/