Procheckup Ltd
www.procheckup.com

Procheckup Security Bulletin PR02-3

Description: NetWare default programs display server information to attackers.
Date: 8/1/2002
Application: NetWare Enterprise Web Server
Platform: Novell NetWare 5.0
Severity: Remote attackers can discover the location of the webroot
Authors: Richard Brain [richard.brain@procheckup.com]
Vendor Status:
CVE Candidate: Not assigned
Reference: www.procheckup.com/security_info/vuln.html

Description:

NetWare 5.1 installed with default settings installs the Novonyx web server. This web server resides on port 80 and comes with sample files which disclose information.

1) Requesting the following URL:

   http://webserver/perl/samples/lancgi.pl

   gives LAN board details:

   Lan Boards
   Description                           Address       Media Type      Board Number  Board Instance
   Compaq Ethernet or Fast Ethernet NIC  658B50004354  ETHERNET_802.2  1             1
   Compaq Ethernet or Fast Ethernet NIC  658B50004354  ETHERNET_II     2             1

2) Requesting the following URL:

   http://webserver/perl/samples/volscgi.pl

   gives the volume names with status information:

   Volumes
   Description  Total Space  Free Space  Block Size  Total Dir
   SYS          6065984      5390848     65536       66048

3) Requesting the following URL:

   http://webserver/perl/samples/ndslogin.pl

   seems to allow remote interactive logins, with NDS tree viewing:

   Login to NDS and enumerate the contents
   --------------------------------------------------------------------------------
   Fullname: ex: nds:\\novell_tree\novell_context
   Username: *
   Password:

4) Requesting the following URL:

   http://webserver/netbasic/websinfo.bas

   gives the server name and the exact NetWare version running:

   Company: Novell
   Revision: NetWare 5.00i
   Date: 27 March 2000

Solution: Delete all default example programs if not needed.

Legal: Copyright 2002 Procheckup Ltd. All rights reserved.
Permission is granted for copying and circulating this Bulletin to the Internet community for the purpose of alerting them to problems, if and only if, the Bulletin is not edited or changed in any way, is attributed to Procheckup, and provided such reproduction and/or distribution is performed for non-commercial purposes. Any other use of this information is prohibited. Procheckup is not liable for any misuse of this information by any third party.
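A defender-side check that is not part of the bulletin: the script below scans web server access logs for requests to the sample programs named above, so an administrator can tell whether they are still being served (2xx) or whether probes are hitting a server where they have already been deleted (404). The log lines are constructed, NCSA common log format is assumed, and treating the whole /perl/samples/ and /netbasic/ directories as sample programs is an assumption that generalises the bulletin's solution of deleting all default example programs.

```python
import re
from collections import Counter

# Constructed sample access-log lines (not from the bulletin). NCSA common log
# format is assumed here; adjust LOG_RE if the server logs differently.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Jan/2002:10:12:01 +0000] "GET /index.html HTTP/1.0" 200 1043
10.0.0.9 - - [08/Jan/2002:10:12:07 +0000] "GET /perl/samples/lancgi.pl HTTP/1.0" 200 512
10.0.0.9 - - [08/Jan/2002:10:12:09 +0000] "GET /perl/samples/volscgi.pl HTTP/1.0" 200 388
10.0.0.9 - - [08/Jan/2002:10:12:15 +0000] "POST /perl/samples/ndslogin.pl HTTP/1.0" 200 2210
10.0.0.9 - - [08/Jan/2002:10:12:20 +0000] "GET /netbasic/websinfo.bas HTTP/1.0" 200 140
10.0.0.7 - - [08/Jan/2002:10:13:02 +0000] "GET /perl/samples/lancgi.pl HTTP/1.0" 404 210
"""

# The four sample programs named in the bulletin; the directory prefixes are an
# assumption that generalises the fix "delete all default example programs".
SAMPLE_PATHS = {
    "/perl/samples/lancgi.pl",
    "/perl/samples/volscgi.pl",
    "/perl/samples/ndslogin.pl",
    "/netbasic/websinfo.bas",
}
SAMPLE_DIRS = ("/perl/samples/", "/netbasic/")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)

def is_sample_program(path):
    """True if the request targets one of the default sample programs."""
    path = path.split("?", 1)[0].lower()
    return path in SAMPLE_PATHS or path.startswith(SAMPLE_DIRS)

def find_sample_hits(log_text):
    """Return (ip, path, status) for every request to a default sample program.
    A 2xx means the program is still installed and answered; a 404 shows a
    probe against a server where the samples have already been removed."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_sample_program(m.group("path")):
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits

def disclosing_sources(hits):
    """Count successful (2xx) sample-program responses per source address."""
    return Counter(ip for ip, _, status in hits if 200 <= status < 300)
```

Any source appearing in disclosing_sources() has already obtained the LAN board, volume or version details described in the bulletin; a 404 entry in find_sample_hits() confirms the solution has been applied on that server.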