security hole in swais, FYI

Brewster Kahle brewster at Think.COM
Tue Sep 1 13:29:20 UTC 1992


Scott,

There seems to be a problem with swais, could you please explain?

We have been running it under a chroot for over a year now with no known
problems.  I am the project leader of WAIS and oversaw its development, so
I would like to make sure this problem is understood and extinguished.

John Curran of NNSC wrote the original version, Jonathan has been the
maintainer of it and extender.

Just to take a guess, are you running it for public login without doing a
chroot?

-brewster


   Date: Tue, 01 Sep 92 07:20:58 EDT
   From: Steve Goldstein--Ph +1-202-357-9717 <sgoldste at cise.cise.nsf.gov>

   George and Brewster,

   Please take note of this and act accordingly.

   (Thanks for the heads-up, Scott!  I took the liberty of alerting the CERT with
   a cc:  The community of serving organizations should be notified and the fix
   provided, when proven.  If I'm behind the power curve, and if you have already
   done this, please excuse my misplaced zeal.)

   Thanks,

   Steve G.
   ------- Forwarded Message

   From: scottw at nic.ddn.mil (Scott Williamson)
   Message-Id: <9208312050.AA22641 at nic.ddn.mil>
   Subject: Re: WAIS on DDN
   To: sgoldste at cise.cise.nsf.gov (Steve Goldstein--Ph +1-202-357-9717)
   Date: Mon, 31 Aug 92 16:50:13 EDT
   In-Reply-To: <9208282127.AA06081 at cise.cise.nsf.gov>; from "Steve Goldstein--Ph +1-202-357-9717" at Aug 28, 92 5:27 pm
   X-Mailer: ELM [version 2.3 PL2]

   Steve,

      We have the login wais disabled.  There is a security hole in the swais
   interface that you can drive a truck through.  We are working on a fix
   so that we reactivate this feature.  Mark Kosters has informed RIPE of the
   problem with an explanation of how one could get in.  He also suggested
   the fix.

   Scott

   > 
   > 
   >   >SG>   And, folks, what you really want to see is NIC databases accessible
   >   >SG>   with WAIS, so's you don't have to use their search fields, but can
   >   >SG>   use any search string (e.g., telephone number, city, etc.)  NIC.DDN.MIL
   >   >SG>   has just brought up a WAIS server, and RIPE NCC has had one up for a while
   >   >SG>   (wais.ripe.net).  These are REALLY neat, as in "who does networking in
   >   >SG>   Dresden?"  --SG
   >   >
   >   >I've managed to telnet to wais.nic.ddn.mil (192.112.38.103)
   >   >but don't know the login/password. Can you advise?
   >   >
   > Sorry.  I did it with a WAIS client.  I just tried logging in a telnet
   > session with user=wais, password=<all_sorts_of_things_including_profanity>,
   > but nothing worked.  Ought not be passworded!  
   > 
   > Scott?
   > 
   > --SG
   >   >Ripe works fine.
   >   >
   >   >Regards,
   >   >Peter Scott
   > 


   ------- End of Forwarded Message






