security hole in swais, FYI
Brewster Kahle
brewster at Think.COM
Tue Sep 1 13:29:20 UTC 1992
Scott,
There seems to be a problem with swais, could you please explain?
We have been running it under a chroot for over a year now with no known
problems. I am the project leader of WAIS and oversaw its development, so
I would like to make sure this problem is understood and extinguished.
John Curran of NNSC wrote the original version, Jonathan has been the
maintainer of it and extender.
Just to take a guess, are you running it for public login without doing a
chroot?
-brewster
Date: Tue, 01 Sep 92 07:20:58 EDT
From: Steve Goldstein--Ph +1-202-357-9717 <sgoldste at cise.cise.nsf.gov>
George and Brewster,
Please take note of this and act accordingly.
(Thanks for the heads-up, Scott! I took the liberty of alerting the CERT with
a cc: The community of serving organizations should be notified and the fix
provided, when proven. If I'm behind the power curve, and if you have already
done this, please excuse my misplaced zeal.)
Thanks,
Steve G.
------- Forwarded Message
From: scottw at nic.ddn.mil (Scott Williamson)
Message-Id: <9208312050.AA22641 at nic.ddn.mil>
Subject: Re: WAIS on DDN
To: sgoldste at cise.cise.nsf.gov (Steve Goldstein--Ph +1-202-357-9717)
Date: Mon, 31 Aug 92 16:50:13 EDT
In-Reply-To: <9208282127.AA06081 at cise.cise.nsf.gov>; from "Steve Goldstein--Ph +1-202-357-9717" at Aug 28, 92 5:27 pm
X-Mailer: ELM [version 2.3 PL2]
Steve,
We have the login wais disabled. There is a security hole in the swais
interface that you can drive a truck through. We are working on a fix
so that we can reactivate this feature. Mark Kosters has informed RIPE of the
problem with an explanation of how one could get in. He also suggested
the fix.
Scott
>
>
> >SG> And, folks, what you really want to see is NIC databases accessible
> >SG> with WAIS, so's you don't have to use their search fields, but can
> >SG> use any search string (e.g., telephone number, city, etc.) NIC.DDN.MIL
> >SG> has just brought up a WAIS server, and RIPE NCC has had one up for a while
> >SG> (wais.ripe.net). These are REALLY neat, as in "who does networking in
> >SG> Dresden?" --SG
> >
> >I've managed to telnet to wais.nic.ddn.mil (192.112.38.103)
> >but don't know the login/password. Can you advise?
> >
> Sorry. I did it with a WAIS client. I just tried logging in a telnet
> session with user=wais, password=<all_sorts_of_things_including_profanity>,
> but nothing worked. Ought not be passworded!
>
> Scott?
>
> --SG
> >Ripe works fine.
> >
> >Regards,
> >Peter Scott
>
------- End of Forwarded Message