5270090 2000-07-12  20:39  /100 rader/ Postmaster
Mottagare: Bugtraq (import) <11709>
Ärende: Security Advisory: Netscape Administration Server Passwor 
------------------------------------------------------------
             Disclosure. ( netscape.ad-1.00-07 )
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
Content-Type: text/plain
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID:  <00071122473300.00796@ninja>
Date:         Tue, 11 Jul 2000 22:46:22 -0400
Reply-To: kris@securax.org
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: f0bic <kris@securax.org>
To: BUGTRAQ@SECURITYFOCUS.COM

[ July 11, 2000 ]


Security Advisory ( netscape.ad.00-07 ) : Netscape Administration
Server Password Disclosure.



Affected Platforms:

     * AIX
     * Digital-Unix
     * HP-Unix
     * IRIX
     * Linux
     * Solaris
     * WindowsNT


Affected Versions:

     Netscape SuiteSpot running on:

     * Netscape Enterprise/3.5.1C
     * Netscape Enterprise/3.5.1G
     * Netscape Enterprise/3.5 1I
     * Netscape Enterprise/3.6 SP1
     * Netscape Enterprise/3.6 SP2
     * Netscape Enterprise/3.6 SP3
     * Netscape Fasttrack/3.0.1
     * Netscape Fasttrack/3.0.2
     * Netscape Messaging Server/3.01
     * Netscape Messaging Server/3.54
     * Netscape Messaging Server/3.56
     * Netscape Messaging Server/3.6
     * Netscape Messaging Server/4.1
     * Netscape Messaging Server/4.15
     * Netscape Messaging Server/4.15p1
     * Netscape Messaging Server/4.15p2
     * Netscape Collabra Server/3.53
     * Netscape Collabra Server/3.54

Overview:

     The administration server is a web-based server that contains
     the Java and JavaScript forms you use to configure your Netscape
     SuiteSpot servers. The authentication username and password for
     this service are kept in a directory in the server root,
     readable by default.


Description:

     The administration server is installed when you first install
     SuiteSpot server. For remote logon, it authenticates by
     validating the password prompt input with the administration
     server password file. This password file is kept in a local
     directory within the SuiteSpot server. The SuiteSpot superuser
     password file is located at the following path:

     http://www.server.com/admin-serv/config/admpw

     The admpwd file is in the "user:password" format, with an
     encrypted password field which can potentially be compromized by
     a brute force attack. This user has full access to all features
     in the administration server and sees all forms in the
     administration server except the Users & Groups forms since
     these require in a valid account in an LDAP server such as
     Netscape Directory Server.

     The Netscape-Enterprise manual page on Administration Server
     specifies that it is recommended that you write-protect the
     admpwd file since this is not done by default. Therefore this
     leaves a security hole which allows third party unauthorized
     users to potentially gain full access to the administration
     server console.

     The administration server will reside on the port which you
decided upon installing SuiteSpot.


Solution:

     1. Set write-protect permissions on the admpw file located at <server_root>/admin-serv/config/admpw
     2. Shut down the administration server in the following ways:
        A. Go to Server Manager and choose Admin Preferences|Shutdown. Click "Shut down the Administration Server".
        B. On a UNIX system:
                To stop the administration server, go to your server root and type "./stop-admin".
                To start or restart the server, type "./start-admin" and "./restart-admin" respectively.
        C. On NT:
                To stop the administration server, go to Control Panel|Services. Select the "Netscape Administration Server"
                and click Stop. To restart it, click Start.




--------------------------

by f0bic (kris@securax.org)
(5270090) ------------------------------------------(Ombruten)