Bugtraq mailing list archives
Re: Security Issues with HIGHSPEEDWEB.NET leased servers
From: fractalg () HIGHSPEEDWEB NET (Pedro Hugo)
Date: Thu, 20 Jan 2000 23:35:33 -0000
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We at High Speed Hosting consider the post by one Brian Mueller, to BUGTRAQ, at best to be irresponsible and at worst, downright dangerous to our network and the thousands of business clients connected to it. Since we use bugtraq regularly, and realize its charter and purpose is an informational exchange and not a complaint box, we will not go any further into the personal side of this post. Instead, here is a direct reply to any security value that might or might not have been derived from that post:

First, in response to the statement that Our Security Policy allows open telnet access to our servers. This is a complete mis-statement obviously by one who has no idea what he is doing with the administration of his dedicated server. High Speed Hosting turns over all dedicated server leases with telnet and daemons denied using TCPWrappers. The specific line in hosts.deny is ALL:ALL. We then urge the customer connected to our network, who has full root access to his server, and thus, has full control, to ONLY allow specific ports that are needed and only by specific IP address. In fact we urge them to use ONLY a dedicated ip and not open even to a class c ie: xxx.xxx.xxx.*

Upon investigating this post we logged on to the dedicated server in question and noticed the customer himself had removed the ALL:ALL in the hosts.deny file and thus had opened the server to anyone wanting to access it. We consider this a severe risk and unacceptable and we can't be held responsible for that.

In regards to the second portion of the post which complained of a problem with our Control Panel systems email management features, High Speed Hosting Security Administrators, aware of the possibility that another customer hosted on the same server could if he wanted, divert email from another customer, immediately began a totally new Webcontrol [tm] System which uses a very different email system, including the use of qmail instead of sendmail. This new WebControl installation/upgrade began 17 days ago and is progressing nicely and will soon include all Virtual Hosting servers and Leased Dedicated NetROCK [tm] servers.

One should look before he leaps.

Mr P. Hugo
Director of Security
Genesis II Networks
High Speed Hosting Division
Security Administration Response Team

- - -----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Brian Mueller
Sent: Quinta-feira, 20 de Janeiro de 2000 1:42
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Security Issues with HIGHSPEEDWEB.NET leased servers

Recently I started leasing a dedicated server from HIGHSPEEDWEB.NET, it came preconfigured (somewhat) and I was told that it would be "secure" for telnet (only specifically stated IP address(s) could gain access), etc. However, I have found that this is not the case, it seems that they do not place limiting information in the host.deny file so anyone can still telnet into the server.

Also, their mail configuration which allows users to add mail aliases either via a web interface or by editing a file called .mailalias in their home directories is faulty. Users may place _ANY_ valid local domain into this file and forward mail from that domain to their email address. The system works by running a cron script once per day and updating the sendmail virtual user database.

The following is an example: person A has a webhosting account on the HIGHSPEEDWEB.NET configured server, person B wishes to "steal" email from Person A, they are targeting the sales () person-a-domain com as the attacked address and they are going to have that forwarded to foo () bar com, they add the following line to their .mailalias file

sales () person-a-domain com foo () bar com

when the next update occurs any email sent to sales () person-a-domain com will be forwarded to foo () bar com, this also works with wildcards i.e.

@person-a-domain.com foo () bar com

would work if your entry is read into the sendmail virtual user database before the one that exists in Person A's directory.

I notified HIGHSPEEDWEB.NET of the security issue well over a month ago and have not had any response from them regarding a fix. I however did instate one of my own by forcing users to call myself to have aliases added for the time being.

Brian Mueller

*************************************************
Brian Mueller
President/CEO
CreoTech "We are the future"
www.creotech.com
bmueller () creotech com
513.722.8645
*************************************************

- -----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.0.2i

iQA/AwUBOIebj7Q4oqT8+RAqEQKAdwCg2yrLlmHjVMZNP+GenlTy3vZHj+0Amwdo
P5HTatZ4DVhrRYwZIbvdIors
=ICrR
- -----END PGP SIGNATURE-----
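
Added example (not part of either message and not HIGHSPEEDWEB.NET's code): a sketch of the ownership check a daily .mailalias merge job would need so that an account can only create aliases, including `@domain` catch-alls, for domains it owns. The `DOMAIN_OWNERS` table, the account names, the function names and the sample file contents are assumptions constructed for illustration; addresses are written with `@`, which the archive renders as ` () `.

```python
# Ownership check for .mailalias lines before merging into the virtual user table.

# Hypothetical account database: which account owns each local domain.
DOMAIN_OWNERS = {
    "person-a-domain.com": "persona",
    "person-b-domain.com": "personb",
}

# Constructed sample .mailalias contents, keyed by the account that wrote them.
SAMPLE_MAILALIAS = {
    "persona": "sales@person-a-domain.com sales-desk@person-a-domain.com\n",
    "personb": (
        "# aliases for person B\n"
        "info@person-b-domain.com foo@bar.com\n"
        "sales@person-a-domain.com foo@bar.com\n"   # another customer's address
        "@person-a-domain.com foo@bar.com\n"        # another customer's catch-all
        "garbage-line\n"
    ),
}


def alias_domain(source):
    """Return the lower-cased domain of 'user@domain' or '@domain', else None."""
    _local, sep, domain = source.rpartition("@")
    domain = domain.lower().rstrip(".")
    return domain if sep and domain else None


def merge_aliases(files, owners):
    """Accept a line only if the account that wrote it owns the source domain.

    Returns (accepted, rejected): accepted maps source address to target,
    rejected lists (account, line number, reason) for the operator to review.
    """
    accepted, rejected = {}, []
    for account in sorted(files):
        for lineno, raw in enumerate(files[account].splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split()
            domain = alias_domain(parts[0]) if len(parts) == 2 else None
            if domain is None:
                rejected.append((account, lineno, "malformed"))
            elif owners.get(domain) != account:
                rejected.append((account, lineno, "domain not owned"))
            else:
                accepted[parts[0].lower()] = parts[1]
    return accepted, rejected
```

Because every entry is tied to the account that wrote it, the order in which home directories are read no longer decides whose alias wins, and the rejected list gives the operator a daily record of attempted cross-domain aliases.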