Security Incidents mailing list archives

Re: SNMP Scans


From: MadHat <madhat () UNSPECIFIC COM>
Date: Tue, 13 Mar 2001 08:29:13 -0600

At 10:30 PM 3/12/2001 -0600, Omar Herrera wrote:
H Carvey wrote:
By the way, I found many NT ProLiant servers with this admin. tool
installed, during an audit, were vulnerable. More precisely, the web
server (some versions) on which this admin. tool runs allowed anyone to
retrieve files from directories distinct from those on which the admin.
tool files reside (well-known vulnerability in ancient versions of some
web servers).

Just try something like http://web.server.com:2301\..\..\..\windows\win.ini

Known issue for some time.  There is a patch for it, but last I checked, the
default install was still the buggy version.

http://www.securityfocus.com/vdb/bottom.html?vid=282


In the case of this audit, the problem was more complex because this
administration tool is installed by default in many Compaq servers,
the company who bought these servers was not familiar with Compaq
admin. tools and the reseller who installed these servers just 'forgot'
to tell the client about it. So they almost got these machines connected
to the internet with wide open holes accessible from the outside.

(Side note: as noted above, not all versions of the web server were
vulnerable, I can't recall the specific version numbers but nessus
detected the vulnerable servers easily, I suppose that any other decent
vulnerability scanner, open source or commercial will detect this as well).

Omar

--
MadHat at unspecific.com
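
The traversal request quoted in this thread can also be looked for in the web server's access logs. The Python sketch below is an added example, not part of the original posts; it generalizes to percent-encoded forms of the same request, and the log format, sample lines and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Common Log Format (not taken from the thread).
SAMPLE_LOG = r"""
192.0.2.10 - - [13/Mar/2001:08:01:10 -0600] "GET /index.htm HTTP/1.0" 200 512
192.0.2.10 - - [13/Mar/2001:08:01:12 -0600] "GET /images/../index.htm HTTP/1.0" 200 512
198.51.100.7 - - [13/Mar/2001:08:02:40 -0600] "GET \..\..\..\windows\win.ini HTTP/1.0" 200 94
198.51.100.7 - - [13/Mar/2001:08:02:44 -0600] "GET /%2e%2e/%2e%2e/windows/win.ini HTTP/1.0" 404 0
198.51.100.7 - - [13/Mar/2001:08:02:47 -0600] "GET /a/..%255c..%255c..%255cwindows/win.ini HTTP/1.0" 404 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')

def escapes_root(target, max_decode_rounds=3):
    """Return True if an origin-form request path climbs above the web root."""
    path = target.split("?", 1)[0]
    # Undo nested percent-encoding (%252e -> %2e -> .), with a bounded loop.
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Windows-hosted servers accept backslash as a path separator as well.
    path = path.replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:      # stepped above the document root
                return True
        else:
            depth += 1
    return False

def flag_traversal(log_text):
    """Return (source address, raw request target) for each suspicious line."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and escapes_root(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits

if __name__ == "__main__":
    for src, target in flag_traversal(SAMPLE_LOG):
        print(src, target)
```

A flagged line answered with status 200 deserves a closer look than one answered with 404, since the former suggests the file was actually served.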

