How to remediate – Novell NetWare Web Server sewse.nlm (viewcode.jse) Traversal A…

1. Introduction

The Novell NetWare Web Server sewse.nlm (viewcode.jse) Traversal vulnerability allows remote attackers to view source code files on a vulnerable system. This can lead to the disclosure of sensitive information, including passwords and configuration details. Systems running Nombas ScriptEase Web Server Edition for NetWare are typically affected. A successful exploit could compromise confidentiality, integrity, and availability due to potential access to critical system data like the RCONSOLE password stored in AUTOEXEC.NCF.

2. Technical Explanation

  • Root cause: Missing input validation on user-supplied data within the ‘sewse.nlm’ page and associated script processing.
  • Exploit mechanism: An attacker can craft a URL containing a malicious path to access files beyond the web root. For example, an attacker could use a URL like http://example.com/sewse.nlm?file=../AUTOEXEC.NCF to attempt to view the contents of the AUTOEXEC.NCF file.
  • Scope: Affected platforms are those running Nombas ScriptEase Web Server Edition for NetWare. Specific versions were not detailed in the provided context.

3. Detection and Assessment

Confirming the vulnerability requires checking the installed version of Nombas ScriptEase and testing access to files outside the web root. A quick check identifies whether the software is present; a thorough check attempts to read sensitive system files.

  • Quick checks: Check for the presence of sewse.nlm on the server file system.
  • Scanning: Nessus ID 837eab78 may detect this vulnerability (given as an example only).
  • Logs and evidence: Web server logs should be examined for requests to ‘sewse.nlm’ with unusual or suspicious parameters.
ls -l /path/to/webserver/sewse.nlm

4. Solution / Remediation Steps

Removing sample scripts from the web server is the recommended solution to address this vulnerability.

4.1 Preparation

  • Dependencies: None known. Roll back involves restoring the backed-up web server configuration.
  • Change window: A standard maintenance window is recommended due to potential service disruption. Approval from a system administrator is advised.

4.2 Implementation

  1. Step 1: Identify and remove all sample scripts located within the web server’s document root directory.
  2. Step 2: Restart the Novell NetWare Web Server service to apply the changes.

4.3 Config or Code Example

Before

# Sample scripts present in web root directory

After

# No sample scripts remaining in web root directory

4.4 Security Practices Relevant to This Vulnerability

Several security practices can help prevent this type of vulnerability. Least privilege reduces the impact if exploited, while input validation blocks unsafe data from being processed.

  • Practice 1: Implement least privilege access controls on web server files and directories to limit potential damage from a successful attack.

4.5 Automation (Optional)

No suitable automation script is provided, as this requires manual inspection and removal of files.

5. Verification / Validation

Confirming the fix involves verifying that sample scripts have been removed and attempting to access sensitive system files through the ‘sewse.nlm’ page.

  • Post-fix check: Confirm that no sample scripts are present in the web server’s document root directory using ls -l /path/to/webserver.
  • Re-test: Attempt to access a sensitive file, such as AUTOEXEC.NCF, through the ‘sewse.nlm’ page with a crafted URL (e.g., http://example.com/sewse.nlm?file=../AUTOEXEC.NCF). After the fix, a successful attack should no longer be possible.
  • Monitoring: Monitor web server logs for any attempts to access ‘sewse.nlm’ with unusual parameters.
ls -l /path/to/webserver
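
The log review described under "Logs and evidence" and "Monitoring" can be scripted. The following is an added example, not part of the original article or of any Novell tooling: it assumes Common Log Format access logs, and the sample log lines are constructed. It percent-decodes each request target before matching, so encoded forms of the `../` sequence are flagged as well.

```python
import re
from urllib.parse import unquote

# Assumed Common Log Format: client ... "METHOD target PROTOCOL" status size
REQUEST_RE = re.compile(r'(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')
# Script names taken from the advisory title.
SCRIPT_RE = re.compile(r'sewse\.nlm|viewcode\.jse', re.IGNORECASE)
# A ".." path segment delimited by / or \ (both separators are checked).
TRAVERSAL_RE = re.compile(r'(^|[/\\=?&+])\.\.([/\\]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines):
    """Return (client, status, decoded_target) for traversal-style requests to the script."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        target = fully_decode(m.group("target"))
        if SCRIPT_RE.search(target) and TRAVERSAL_RE.search(target):
            hits.append((m.group("client"), int(m.group("status")), target))
    return hits


# Constructed sample log lines for illustration; not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Dec/2025:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.10 - - [27/Dec/2025:10:00:05 +0000] "GET /sewse.nlm?file=../AUTOEXEC.NCF HTTP/1.0" 200 2048',
    '198.51.100.7 - - [27/Dec/2025:10:02:11 +0000] "GET /sewse.nlm?file=%2e%2e%5cAUTOEXEC.NCF HTTP/1.0" 404 0',
    '198.51.100.7 - - [27/Dec/2025:10:02:15 +0000] "GET /sewse.nlm?file=%252e%252e/AUTOEXEC.NCF HTTP/1.0" 404 0',
    '203.0.113.4 - - [27/Dec/2025:10:05:00 +0000] "GET /sewse.nlm?file=sample.jse HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for client, status, target in suspicious_requests(SAMPLE_LOG):
        # A 200 on a flagged request means the file may have been disclosed.
        note = "possible disclosure" if status == 200 else "request not served"
        print(f"{client} {status} {target} ({note})")
```

A flagged request with status 200 is the case to escalate, since it suggests the file contents were returned before the sample scripts were removed.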

6. Preventive Measures and Monitoring

Updating security baselines and implementing input validation checks in deployment pipelines can help prevent similar vulnerabilities. A sensible patch or configuration review cycle should be established based on the risk.

  • Baselines: Update a security baseline to include restrictions on sample scripts within web server directories.
  • Asset and patch process: Implement a regular review cycle for web server configurations and apply necessary patches promptly.

7. Risks, Side Effects, and Roll Back

Removing sample scripts may disrupt applications that rely on them. The roll back steps involve restoring the backed-up web server configuration.

  • Roll back: Restore the previously backed up web server configuration files. Restart the Novell NetWare Web Server service.

Updated on December 27, 2025
