NAI WebShield SMTP GET_CONFIG Information Disclosure

2000-05-25T00:00:00
ID OSVDB:326
Type osvdb
Reporter DCIST(securityteam@delphisplc.com)
Modified 2000-05-25T00:00:00

Description

Vulnerability Description

WebShield SMTP contains a flaw that allows a remote attacker to obtain configuration information from the product. The issue is due to the GET_CONFIG command requiring no authentication. If an attacker connects to port 9999 and issues this command, the system will display all of the WebShield configuration options, which may allow more focused attacks.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds:

1. Run the service as a restricted user, not with SYSTEM privileges.
2. Use access controls to restrict access to port 9999.

References:

Related OSVDB ID: 327
Nessus Plugin ID: 10424
Mail List Post: http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0122.html
Keyword: Port 9999
ISS X-Force ID: 4651
CVE-2000-0448
Bugtraq ID: 1253