Full Disclosure mailing list archives
Re: State of Alaska Related
From: pwnd.security.pwnd <pwnd.security.pwnd () gmail com>
Date: Mon, 23 Jul 2007 22:14:09 -0400
They claimed they took down Internet access to the servers but it's still there. Read their advisory on their Unicenter System Help Pages: ----------------------------------- 07/23/2007 05:37 pm The Enterprise Technology Services Help Center has been advised effective immediately, outside internet access to the following servers has been removed due to widespread publishing of vulnerabilities to these systems: HELPDESK.STATE.AK.US INTRA1.ADMIN.STATE.AK.US HELPDESK.STATE.AK.US is our state internal USD system. The vulnerability would allow the unrestricted viewing of any USD within this system, as well as obtaining USERID and contact information of anyone in LDAP. Removing internet access to this system will affect mainly state contractors such as GCI, ACS, WWT, and telephone contractors statewide. INTRA1.ADMIN.STATE.AK.US is also known as the "DOA intranet site" and contains many applications written over time to many DOA divisions. There are known vulnerabilities on this server and until we can remediate these vulnerabilities we will continue to block this server from internet access. If you discover applications that are not working, or not working correctly because of this action please contact the ETS helpcenter at 907-465-4801 or help_center () admin state ak us. ETS will continue to work this vulnerability and issue regular updates. We apologize for the inconvenience and would not take this action if the vulnerability was not severe. For more details, please review USD so35497. On 7/23/07, pwnd. security. pwnd <pwnd.security.pwnd () gmail com> wrote:
Bypasses LDAP. http://intra1.admin.state.ak.us/authContact/search/ https://helpdesk.state.ak.us/CAisd/pdmweb.exe?USERNAME=eso_tech+use_template=1+OP=CREATE_NEW+FACTORY=chg -- pwnd.security.pwnd
-- pwnd.security.pwnd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- State of Alaska Related pwnd . security . pwnd (Jul 23)
- Re: State of Alaska Related pwnd . security . pwnd (Jul 23)
- Re: State of Alaska Related pwnd . security . pwnd (Jul 24)