exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

netscape.ad.00-07

netscape.ad.00-07
Posted Jul 13, 2000
Authored by Fobic

Security Advisory ( netscape.ad.00-07 ) - Netscape Administration Server Password Disclosure. Netscape SuiteSpot running on Netscape webservers has a password file which in the default configuration is readable by remote users. All platforms are affected.

tags | exploit, remote
SHA-256 | fc8ced0cf42485c9c5449d2871d4e468f97c98348842598afee7f8f1b5693c16

netscape.ad.00-07

Change Mirror Download
[ July 11, 2000 ]


Security Advisory ( netscape.ad.00-07 ) : Netscape Administration Server Password Disclosure.



Affected Platforms:

* AIX
* Digital-Unix
* HP-Unix
* IRIX
* Linux
* Solaris
* WindowsNT


Affected Versions:

Netscape SuiteSpot running on:

* Netscape Enterprise/3.5.1C
* Netscape Enterprise/3.5.1G
* Netscape Enterprise/3.5 1I
* Netscape Enterprise/3.6 SP1
* Netscape Enterprise/3.6 SP2
* Netscape Enterprise/3.6 SP3
* Netscape Fasttrack/3.0.1
* Netscape Fasttrack/3.0.2
* Netscape Messaging Server/3.01
* Netscape Messaging Server/3.54
* Netscape Messaging Server/3.56
* Netscape Messaging Server/3.6
* Netscape Messaging Server/4.1
* Netscape Messaging Server/4.15
* Netscape Messaging Server/4.15p1
* Netscape Messaging Server/4.15p2
* Netscape Collabra Server/3.53
* Netscape Collabra Server/3.54

Overview:

The administration server is a web-based server that contains the Java and JavaScript forms you use to configure your
Netscape SuiteSpot servers. The authentication username and password for this service are kept in a directory in the
server root, readable by default.


Description:

The administration server is installed when you first install SuiteSpot server. For remote logon, it authenticates by
validating the password prompt input with the administration server password file. This password file is kept in a local
directory within the SuiteSpot server. The SuiteSpot superuser password file is located at the following path:

http://www.server.com/admin-serv/config/admpw

The admpwd file is in the "user:password" format, with an encrypted password field which can potentially be compromized
by a brute force attack. This user has full access to all features in the administration server and sees all forms in
the administration server except the Users & Groups forms since these require in a valid account in an LDAP server such
as Netscape Directory Server.

The Netscape-Enterprise manual page on Administration Server specifies that it is recommended that you write-protect the
admpwd file since this is not done by default. Therefore this leaves a security hole which allows third party unauthorized
users to potentially gain full access to the administration server console.

The administration server will reside on the port which you decided upon installing SuiteSpot.


Solution:

1. Set write-protect permissions on the admpw file located at <server_root>/admin-serv/config/admpw
2. Shut down the administration server in the following ways:
A. Go to Server Manager and choose Admin Preferences|Shutdown. Click "Shut down the Administration Server".
B. On a UNIX system:
To stop the administration server, go to your server root and type "./stop-admin".
To start or restart the server, type "./start-admin" and "./restart-admin" respectively.
C. On NT:
To stop the administration server, go to Control Panel|Services. Select the "Netscape Administration Server"
and click Stop. To restart it, click Start.




--------------------------

by f0bic (kris@securax.org)

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close