[UNIX] Procom Technology NetFORCE Information Disclosure Vulnerability
From: SecuriTeam (support_at_securiteam.com)
Date: 10/06/05
- Previous message: SecuriTeam: "[UNIX] apachetop Insecure Temporary File Creation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 6 Oct 2005 15:49:52 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Procom Technology NetFORCE Information Disclosure Vulnerability
------------------------------------------------------------------------
SUMMARY
NetFORCE - NAS(Network Attached Storage) by <http://www.procom.com/>
Procom Technology. NetFORCE sold its intellectual property to Sun and Sun
uses the same systems to base their NAS solution off of.
Procom Technology NetFORCE is vulnerable to an information disclosure.
Specifically, the NAS operating system sends out in a diagnostic email its
password hashes in plaintext.
DETAILS
Vulnerable Systems:
* NetFORCE 800, v 4.02 M10 (Build 20)
NetFORCE's operating system on the NAS includes the ability to send a
diagnostic e-mail with a wealth of information to the technician to be
able to diagnose problems without providing direct remote access. This
diagnostic email includes output from various programs, statistical
reports, and several file attachments.
One of these file attachments (passwd.nis) includes the NIS password map
of any domain it is bound to, happily sending the entire domains password
hashes in the clear across the Internet over sendmail. This doesn't
impact you if you don't use NIS as the other files that include user
information "blank" out the password information.
Because the NetFORCE website no longer has software versioning
information, it is not possible to test on other versions or determine
which versions are or are not vulnerable.
ADDITIONAL INFORMATION
The information has been provided by <mailto:bambenek@gmail.com>
bambenek.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[UNIX] apachetop Insecure Temporary File Creation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
