Fw: [NTSEC] Netscape Server Security Hole

[realize () TELEPORT COM (jon)]

FWD from ntsecurity. See ntsecurity archive for original postings:
[begin]
I am running Web servers using three different servers, Netscape Enterprise
2.0 on Solaris 2.5.1,  Apache 1.2b11 on BSDI 3.0 and Netscape Enterprise
3.5.1 on NT 4.0 Server w/128-bit SP3.   In testing these for the
/?PageServices query, only the Netscape Enterprise 3.5.1 server running on
NT [This is not limited to NT. See below, last post...]produce a directory
listing of the docs root.


The Page Services function is a menu item under View in Netscape Navigator
4.xx and Communicator.  All one has to do is load up a Web page, go to View
on the menu bar and see it Page Services is activated.  If it is, select it
and you'll get back a directory listing of the Web server docs root.  If
there are subdirectories in this root, you can see a listing of all the
files in these as well.

I have yet to look at Netscape's site for any news about this problem, but
for now I have turned off the Web server using Enterprise 3.5.1.

> Date: Thu, 13 Aug 1998 23:01:04 +1000
> From: "Simon Johnson" <simon.johnson () shake net>
> Subject: Re: [NTSEC] Netscape Server Security Hole?
>
> TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo () iss net
> Contact ntsecurity-owner () iss net for help with any problems!
> - -------------------------------------------------------------------------
--
> Hello,
>
> In relation to the /?PageServices query, I think its a misconfiguration of
> the Web server.  I have just finished testing 10 different Web servers for
> this query. The following servers were not vulnerable:
>
> Netscape Enterprise 2.01
> Netscape Commerce 1.12
> Oracle Web Listener 4.0.6.2.0 Enterprise Edition
> Apache 1.2.1.
> Apache 1.2.5.
> Apache/1.3.1 (Unix) mod_perl/1.15
> Apache/1.2.6
> Domino Go Webserver 4.6
>
> The Web servers mentioned in Tim Ehrhart's original message are running the
> following:
>
> Netscape Enterprise 2.01 - www.symantec.com
> Netscape Enterprise 3.5.1 - redirect.cnet.com
>
> However I did find that two servers that produced a "Server Error" message.
> They were:
>
> Netscape Enterprise 3.5.1C
> Netscape Enterprise 3.5 For NetWare
>
> I have not tested these two servers to see why they crashed. Nor am I
> planning to.
>
> :-)
>
> Best regards,
>
> Simon Johnson
> Technical Director
> Shake Communications
> Experts in Internet and Information Security
> http://www.shake.net
>
> ------------------------------

-----Original Message-----
From: Matthew Patton <patton () sysnet net>
To: ntsecurity () iss net <ntsecurity () iss net>
Date: Saturday, August 15, 1998 8:48 PM
Subject: Re: [NTSEC] Netscape Server Security Hole


:
:TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo () iss net
:Contact ntsecurity-owner () iss net for help with any problems!
:---------------------------------------------------------------------------
:
:>/?PageServices query, only the Netscape Enterprise 3.5.1 server running on
:>NT produce a directory listing of the docs root.
:
:It's potentially WAY worse than that folks. On a wild guess I hit a certain
:miltary related think tank's website. They run Enterprise 3.5.1 on Solaris.
:(Netcraft is quite obliging with a list of other sites that run the same
:version...)
:
:What I found was absolutely incredible! The moron who set the site up
:didn't separate the webcontent from the server configuration. So here I am
:grabbing his user and administrative password files, the works. What a
:flaming looser.
:
:Yes, he's been notified. Thankfully, of the handful of 3.5.1's I've hit
:most of them just give up a directory listing of the webroot and that's it.
:
:This PageServices thing should be a BugTraq item if it isn't already. It's
:not limited to just the NT versions.
:
:--------
:"You need only reflect that one of the best ways to get yourself a
: reputation as a dangerous citizen these days is to go around repeating
: the very phrases which our founding fathers used in their struggle for
: independence,"  - Charles A. Beard (American historian)
:
[end]