Security Issues with HIGHSPEEDWEB.NET leased servers
Subject: Security Issues with HIGHSPEEDWEB.NET leased servers
From: Brian Mueller (bmueller@CREOTECH.COM)
Date: Wed Jan 19 2000 - 19:42:09 CST
Recently I started leasing a dedicated server from HIGHSPEEDWEB.NET, it came
preconfigured (somewhat) and I was told that it would be "secure" for telnet
(only specifically stated IP address(s) could gain access), etc. However, I
have found that this is not the case, it seems that they do not place
limiting information in the host.deny file so anyone can still telnet into
the server.
Also, their mail configuration which allows users to add mail aliases either
via a web interface or by editing a file called .mailalias in their home
directories is faulty. Users may place _ANY_ valid local domain into this
file and forward mail from that domain to their email address. The system
works by running a cron script once per day and updating the sendmail
virtual user database. The following is an example:

Person A has a webhosting account on the HIGHSPEEDWEB.NET configured server,
Person B wishes to "steal" email from Person A, they are targeting
sales@person-a-domain.com as the attacked address and they are going to have
that forwarded to foo@bar.com, they add the following line to their
.mailalias file:

sales@person-a-domain.com foo@bar.com

When the next update occurs any email sent to sales@person-a-domain.com will
be forwarded to foo@bar.com, this also works with wildcards, i.e.

@person-a-domain.com foo@bar.com

would work if your entry is read into the sendmail virtual user database
before the one that exists in Person A's directory.
I notified HIGHSPEEDWEB.NET of the security issue well over a month ago and
have not had any response from them regarding a fix. I however did instate
one of my own by forcing users to call myself to have aliases added for the
time being.
Brian Mueller
*************************************************
Brian Mueller
President/CEO
CreoTech
"We are the future"
www.creotech.com
bmueller@creotech.com
513.722.8645
*************************************************
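
Added example, not part of the original message: one way the daily cron merge described above could validate ownership before updating the sendmail virtual user database. It rejects any .mailalias entry (including @domain wildcards) whose left-hand domain is not registered to the account that wrote it. The OWNED_DOMAINS mapping, account names and sample entries are assumptions constructed for illustration.

```python
# Added example: ownership check for per-user .mailalias entries before they
# are merged into the sendmail virtual user table. The OWNED_DOMAINS mapping
# and all sample data are constructed for illustration.

OWNED_DOMAINS = {  # assumption: provisioning records which account owns which domain
    "persona": {"person-a-domain.com"},
    "personb": {"person-b-domain.com"},
}

MAILALIAS = {  # constructed contents of each user's ~/.mailalias
    "personb": [
        "sales@person-a-domain.com foo@bar.com",  # another customer's address
        "@person-a-domain.com foo@bar.com",       # wildcard on another customer's domain
        "info@person-b-domain.com foo@bar.com",   # legitimate entry
    ],
    "persona": ["sales@person-a-domain.com owner@person-a-domain.com"],
}


def merge_aliases(mailalias, owned):
    """Return (accepted, rejected); accepted maps address -> (user, target)."""
    accepted, rejected = {}, []
    for user in sorted(mailalias):
        for lineno, raw in enumerate(mailalias[user], 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split()
            if len(parts) != 2 or "@" not in parts[0]:
                rejected.append((user, lineno, raw, "malformed"))
                continue
            address, target = parts[0].lower(), parts[1]
            domain = address.rsplit("@", 1)[1]  # "@domain" wildcards yield the domain too
            if domain not in owned.get(user, set()):
                rejected.append((user, lineno, raw, "domain not owned by user"))
            elif address in accepted:
                rejected.append((user, lineno, raw, "duplicate address"))
            else:
                accepted[address] = (user, target)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = merge_aliases(MAILALIAS, OWNED_DOMAINS)
    for address, (user, target) in sorted(ok.items()):
        print(f"{address}\t{target}")
    for user, lineno, raw, reason in bad:
        print(f"REJECT {user}:.mailalias:{lineno}: {reason}: {raw}")
```

Because acceptance depends on who owns the domain rather than on which file is read first, the ordering condition mentioned in the message no longer matters.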
This archive was generated by hypermail 2b27 : Thu Jan 20 2000 - 18:23:26 CST