At 08:44 PM 3/22/2000 +0000, you wrote: >This has nothing to do with the web publishing feature in >NES but rather the "Directory Indexing" function. > >It seems SAFER found options a client can pass to the server >in order to use this feature. Because many people were >unaware of this function, it seems like a vulnerability. Yes -- but this "feature" lists the content of directories even when there is a valid index file in that directory. In such a case the server is supposed to display the index file, not a directory listing. Clearly, the observed behaviour is not what most system administrators would expect. reb reb@taco,com >To turn it off via the Admin Interface: >Select your seb site. Then select Content >Management->Document Preferences. Under the item titled >"Directory Indexing" select none. > >To turn it off in the config: >Look for this option in obj.conf: >Service method="(GET|HEAD)" type="magnus-internal/directory" >fn="index-common" > >Set fn equal to: fn="send-error" > > >Thanks, >Mike > >NetworkCommand.com > > > >Hello all, > >Netscape ENT 3.6 SP3 -or maybe it's SP2- on NT4.0 SP4, >vulnerable, even though >WebPublishing has never (not even just to try it out) been >enabled. All >commands (plus more that don't work) listed in bulletin are >contained in the >file >"_install_path_\SuiteSpot\plugins\content_mgr\bin\content_mgr.dll". > >regards, >amonotod > ><FONT >COLOR="#222255">>__________________________________________________________ ></FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">> S.A.F.E.R. Security Bulletin >000317.EXP.1.5</FONT> ><FONT >COLOR="#222255">>__________________________________________________________ ></FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>TITLE : Netscape Enterprise Server >and '?wp' tags</FONT> ><FONT COLOR="#222255">>DATE : March 17, 2000</FONT> ><FONT COLOR="#222255">>NATURE : Remote user can obtain >list of directories on Netscape</FONT> ><FONT COLOR="#222255">>Enterprise Server</FONT> ><FONT COLOR="#222255">>AFFECTED : Netscape Enterprise Server >3.x</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>PROBLEM:</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>Problem exists in Netscape Enterprise >Server that can allow remote user</FONT> ><FONT COLOR="#222255">>to obtain list of directories and >subdirectories on the server.</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>DETAILS:</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>Netscape Enterprise Server with 'Web >Publishing' enabled can be tricked</FONT> ><FONT COLOR="#222255">>into displaying the list of >directories and subdirectories, if user</FONT> ><FONT COLOR="#222255">>supplies certain 'tags'. For >example:</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">><A TARGET=nonlocal >HREF="/external/http://home.netscape.com/?wp-cs-dump">http://home.netscape. >com/?wp-cs-dump</A></FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>will reveal the contents of the root >directory on that web server.</FONT> ><FONT COLOR="#222255">>Contents of subdirectories can be >obtained as well. Other tags that can</FONT> ><FONT COLOR="#222255">>be used are:</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>?wp-ver-info</FONT> ><FONT COLOR="#222255">>?wp-html-rend</FONT> ><FONT COLOR="#222255">>?wp-usr-prop</FONT> ><FONT COLOR="#222255">>?wp-ver-diff</FONT> ><FONT COLOR="#222255">>?wp-verify-link</FONT> ><FONT COLOR="#222255">>?wp-start-ver</FONT> ><FONT COLOR="#222255">>?wp-stop-ver</FONT> ><FONT COLOR="#222255">>?wp-uncheckout</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>FIXES:</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>Disable 'Web Publishing'. It is safe >to assume that 'Web Publishing' is</FONT> ><FONT COLOR="#222255">>not the only feature that will >'activate' this problem. We have found</FONT> ><FONT COLOR="#222255">>few servers running Netscape >Enterprise Server that did not have 'Web</FONT> ><FONT COLOR="#222255">>Publishing' enabled, but were still >vulnerable to this problem. Until</FONT> ><FONT COLOR="#222255">>Netscape makes an official response >and clarify what is the cause of</FONT> ><FONT COLOR="#222255">>this problem, it is advised that you >test your server against this</FONT> ><FONT COLOR="#222255">>vulnerability, and if you are >vulnerable, try to disable certain</FONT> ><FONT COLOR="#222255">>features and services.</FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">>Netscape has been contacted on many >occasions, but has failed to</FONT> ><FONT COLOR="#222255">>respond.</FONT> ><FONT COLOR="#222255">></FONT> ><FONT >COLOR="#222255">>__________________________________________________________ ></FONT> ><FONT COLOR="#222255">></FONT> ><FONT COLOR="#222255">> S.A.F.E.R. - Security Alert For >Entreprise Resources</FONT> ><FONT COLOR="#222255">> Copyright (c) 2000 The >Relay Group</FONT> ><FONT COLOR="#222255">> <A TARGET=nonlocal >HREF="/external/http://safer.siamrelay.com">http://safer.siamrelay.com</A> >--- <A >HREF="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A></FONT> ><FONT >COLOR="#222255">>__________________________________________________________ ></FONT> ><FONT COLOR="#222255">></FONT> > >____________________________________________________________________ >Get your own FREE, personal Netscape WebMail account today >at <A TARGET=nonlocal >HREF="/external/http://webmail.netscape.com">http://webmail.netscape.com</A>.
