SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Sun ONE/iPlanet Web Server
Vendors:   Sun
(Sun Issues Fix) Re: iPlanet Web Server Input Validation Bug in Search Function Discloses Files on the System to Remote Users
SecurityTracker Alert ID:  1005237
SecurityTracker URL:  http://securitytracker.com/id/1005237
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 17 2002
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 4.1
Description:   An information disclosure vulnerability was reported in Sun's iPlanet Web Server. A remote user can view files on the system, including files that are located outside of the web document directory.

It is reported that a remote user can invoke the NS-query-pat command to specify an arbitrary pattern file and view the contents of that user-specified file. The search engine apparently does not properly validate the query pattern. A remote user can use the following type of HTTP command to view files on the server:

GET /search?NS-query-pat=..\..\..\..\..\boot.ini

According to the report, the search engine is disabled by default on version 6.0.
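
For log review while the search subsystem is still enabled, the following added example (not part of the advisory or of Sun's alert) scans access-log lines for NS-query-pat values that contain a ".." path segment after URL decoding. The Common Log Format layout, the case-insensitive parameter match, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request target inside the quoted request field of a Common Log Format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)')

def query_pat_values(line):
    """Return the decoded NS-query-pat values found in one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    values = []
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if name.lower() != "ns-query-pat":   # assumption: match name case-insensitively
            continue
        # parse_qsl has decoded once; keep decoding (bounded) to undo nested encoding.
        for _ in range(3):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        values.append(value)
    return values

def has_traversal(value):
    """True if the value has a '..' path segment, with either '/' or '\\' separators."""
    return ".." in value.replace("\\", "/").split("/")

def flag_lines(lines):
    """Return (line_number, decoded_value) for each pattern path that climbs directories."""
    hits = []
    for n, line in enumerate(lines, 1):
        for value in query_pat_values(line):
            if has_traversal(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (documentation IP range); line 1 uses the request form quoted above.
SAMPLE_LOG = [
    r'192.0.2.10 - - [17/Sep/2002:10:01:02 +0000] "GET /search?NS-query-pat=..\..\..\..\..\boot.ini HTTP/1.0" 200 512',
    r'192.0.2.11 - - [17/Sep/2002:10:01:05 +0000] "GET /search?NS-search-page=results&NS-query-pat=/text/NS-query.pat HTTP/1.0" 200 2048',
    r'192.0.2.10 - - [17/Sep/2002:10:01:09 +0000] "GET /search?NS-query-pat=%2e%2e%5c%2e%2e%5cboot.ini HTTP/1.0" 200 512',
    r'192.0.2.12 - - [17/Sep/2002:10:01:11 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for n, value in flag_lines(SAMPLE_LOG):
        print(f"line {n}: NS-query-pat climbs out of the pattern directory: {value!r}")
```
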

Impact:   A remote user can view files on the system.
Solution:   Sun has released the following fixes:

* iPlanet Web Server 4.1 Service Pack 11 or later
* Sun ONE Web Server 6.0 Service Pack 4 or later

The above upgrades are available at the following web site:

* http://wwws.sun.com/software/download/inter_ecom.html#webs


Sun has also described the following workaround:

It is strongly recommended to turn off the search subsystem on the web server until you are able to upgrade (see Resolution). This is disabled through the user interface and will stop users from being able to search the web site. Please see http://docs.sun.com/source/816-5682-10/essearch.htm#997738 for more information.

It is also recommended to ensure that the user id of the web server does not have system permissions to files that are not used by that user id. This is difficult on Windows NT because the web server normally needs to run as a system service. On UNIX systems it is also advised that the system administrator runs the web server in a chroot(1M) environment.

Vendor URL:  sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46127
Cause:   Input validation error
Underlying OS:  Windows (NT), Windows (2000), Linux (Red Hat Linux), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS)

Message History:   This archive entry is a follow-up to the message listed below.
Jul 10 2002 iPlanet Web Server Input Validation Bug in Search Function Discloses Files on the System to Remote Users



 Source Message Contents

Subject:  Sun Alert 46127


http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46127

Sun issued a Sun Alert (46127) warning of a remote file viewing
vulnerability in the Sun ONE web server.

Sun reports that a remote user can view and read files on systems
running a Sun ONE, iPlanet, or Netscape Web Server.  The files that are
viewable are only those which the web server (which runs as uid
'nobody') can access and are reportedly limited to world-readable files.

This issue is described at:

http://www.cgisecurity.net/archive/webservers/iplanet_search-option-remote_file_viewing.txt


Sun has released the following fixes:

    * iPlanet Web Server 4.1 Service Pack 11 or later
    * Sun ONE Web Server 6.0 Service Pack 4 or later

The above upgrades are available at the following web site:

    * http://wwws.sun.com/software/download/inter_ecom.html#webs


Sun has also described the following workaround:

It is strongly recommended to turn off the search subsystem on the web
server until you are able to upgrade (see Resolution). This is disabled
through the user interface and will stop users from being able to
search the web site. Please see
http://docs.sun.com/source/816-5682-10/essearch.htm#997738 for more
information.

It is also recommended to ensure that the user id of the web server does
not have system permissions to files that are not used by that user id.
This is difficult on Windows NT because the web server normally needs to
run as a system service. On UNIX systems it is also advised that the
system administrator runs the web server in a chroot(1M) environment.


    * Product: iPlanet Web Server, Sun ONE Web Server
    * BugIDs: 4712812, 4713024
    * Avoidance: Workaround, Upgrade
    * State: Resolved
    * Date Released: 16-Sep-2002
    * Date Closed: 16-Sep-2002
    * Date Modified:


 
 

