Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Follow UP AltaVista
From: AVsearch () AND AV COM (AVsearch)
Date: Thu, 30 Dec 1999 14:33:06 -0500


To disable this security hole temporarily, until a patch is
available later today, follow the steps detailed below.

Unfortunately, AltaVista was just apprised of this problem today.
(It is not clear who at AltaVista was contacted ~3 months ago.)

Regards,
AltaVista Engineering
---------------------

Full steps would be:

- edit <install-dir>/httpd/config file and change MGMT_IPSPEC from
"0.0.0.0/0" to a specific IP such as "127.0.0.1/32"
- stop page gathering via management interface
- restart altavista search service (to re-read config file)
- restart page gathering if necessary
- change the username/password through the management interface to bogus
information
- exploit server and download ../logs/mgtstate  (puts file in cache)
  http://localhost:9000/cgi-bin/query?mss=../logs/mgtstate
- change the username/password through the management interface to something
different (but not used anywhere else)
- avoid restarting the AltaVista service or clearing the cache

Now when a user grabs the file, they will get the old cached information
which
is now invalid.  This will last for as long as the mgtstate file stays in
the mhttpd's cache (until the service is restarted again).


  By Date           By Thread  

Current thread:
  • Re: Follow UP AltaVista AVsearch (Dec 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault