Netscape Enterprise Server 3.5.1 (Publisher) has a problem with the default ACL settings that could allow an intruder to view/download "non-public" files in the web root.
606350da577109d146a4a0d63edb271dVendor: Netscape
Product: Enterprise Server 3.5.1 (and others?)
Specifics: Netscape Web Publisher
Vulnerability Briefing: A very wide problem with ACL
settings and default
settings with Netscape Enterprise Server (Publisher).
Description:
With the default installation of Netscape Enterprise Server
3.5.1 (and
others possibly), a java based package called the "Netscape
Web Publisher"
is included. This program is web based and is also linked on
the default
index which comes with Enterprise Server.
After running an extensive search of the default index
content, I have
found various sites running Publisher, with a poor
application
of the ACL (Access Control Lists) options of Enterprise
Server (about 90%
of the sites).
Such actions that an intruder could apply would be the
search of web index
content, web root directory listing, and the
viewing/downloading of
"non-public" files in the web root.
Here are descriptors which provides a criteria of what
should be
considered vulnerable:
-The default Enterprise Server index is public
-http://www.poorperms.null/publisher is publicly available
-Proper and more secure ACL selections
The third descriptor is one quite important. With Enterprise
Server, I
believe that you have the option of picking USER/PASS
authentication vs.
certificate based authentication. Many of these sites pick
the later,
certificate authentication. An intruder could simply use a
proxy and/or
use other cloaking techniques, accept the certificate, and
continue on to
use the Publisher.
*Solution*
The solution(s) is one that is parted, where both Netscape
and the
customer/administrator could take part to provide solutions
to this on
going problem.
Fixes:
-Remove the default index and any default programs you do
not use (such as
Publisher, and Publisher Search)
-If Publisher must be used, USER/PASS methods are highly
recommended
rather than certificates
-Use the ACL settings more efficiently (directory perms,
etc.)
For more information on how to take control of ACL options,
refer to the
help directory which comes with Enterprise Server, or visit
the vendor's
website at http://www.netscape.com.
Adios,
Charles Chear
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!