CVE-2000-0109
CVSS 10.0
Published: 2000-01-31 00:00:00
Revised: 2008-09-10 15:02:55

[Original] The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.


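[CNNVD] Standard & Poor's ComStock machine vulnerabilities (CNNVD-200001-065)

        The mcsp Client Site Processor system (MultiCSP) in Standard & Poor's ComStock is vulnerable. It is installed with multiple accounts, some of which have no password and some of which have easily guessable default passwords.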

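- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may bring the system down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found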

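- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0109
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0109
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200001-065
(Official data source) CNNVD

- Other links and resources

- Vulnerability information

Standard & Poor's ComStock machine vulnerabilities
Critical Unknown
2000-01-31 00:00:00 2005-10-20 00:00:00
Remote / Local
        The mcsp Client Site Processor system (MultiCSP) in Standard & Poor's ComStock is vulnerable. It is installed with multiple accounts, some of which have no password and some of which have easily guessable default passwords.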

- Advisories and patches

        Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
        Some workarounds:
        1) Remove /etc/issue, as it lists many of the accounts on these machines.
        2) Change the passwords on all the accounts present in /etc/passwd to stronger passwords, or lock them entirely. This may cause issues -- as such, care should be taken, and the vendor should be contacted to determine the impact of doing this.
        3) Eliminate unneeded services. Samba, a webserver, portmapper, and SNMP are just a few of the services running that are probably unneeded.
        4) Use TCP wrappers, and use ipchains to limit access to the machine to the specific IPs which should connect to it. Two hosts which likely need to have access are listed in the /etc/hosts file:
         172.23.94.10 BIG1
         172.23.95.10 BIG2
        These suggestions are by no means comprehensive, and even having performed the above, it is likely the machine may be susceptible to other problems, as it is running a fairly old distribution of RedHat.

- Vulnerability information (19823)

Standard & Poors ComStock 4.2.4 Machine Vulnerabilities (EDBID:19823)
unix local
2000-03-24 Verified
0 kadokev
N/A [Click to download]
source: http://www.securityfocus.com/bid/1080/info

Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1 distribution. In addition, it contains numerous accounts with weak, or nonexistent passwords.

The ComStock MultiCSP machine is intended to provide a realtime stock quote stream. It runs a proprietary service called 'mcsp' to provide this service. These machines acquire their data via a leased line, or other dedicated data connection. They use reserved address space. However, no attempt is made to prevent these ComStock machines from being used to compromise other machines on the private network. In addition, the routers utilized on the private network these machines communicate over are internet-accessible.

There are numerous accounts with easily guessable passwords. The following are well known passwords:
User: root Password: c0mst0ck
User: helpmcsp Password: (none)
User: helpicl Password: (none)

The helpmcsp and helpicl accounts will display a set of help to the user accessing these accounts, using the 'more' command. Shell level access can be gained as follows:
Hit 'v' to bring up the file in vi
:set shell=/bin/bash <RETURN>
:shell <RETURN>

In addition, many RedHat 5.1 exploits should allow for the compromise of these machines. 		

- Vulnerability information

320
Standard & Poor's ComStock MultiCSP Default Account
Local / Remote Authentication Management
Loss of Integrity Workaround
Exploit Public Third-party Verified

- Vulnerability description

By default, Standard & Poor's ComStock MultiCSP installs with a default password. The 'root' account has a password of c0mst0ck and the 'helpmcsp' and 'helpicl' accounts have no passwords initially, which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.

- Timeline

2000-01-31 Unknown
Unknown Unknown

- Solution

Immediately after installation, change all default installed accounts to use a unique and secure password. When possible, change default account names to custom names as well.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Standard & Poor's ComStock Machine Vulnerabilities
Unknown 1080
Yes Yes
2000-03-24 12:00:00 2009-07-11 01:56:00
This vulnerability was posted to the Bugtraq mailing list by kadokev@msg.net on March 24, 2000. A followup was posted on May 17, 2000 by Stephen Friedl <friedl@mtndew.com>

- Affected program versions

Standard & Poors ComStock 4.2.4

- Vulnerability discussion

Numerous vulnerabilities exist in the ComStock product, as sold by Standard & Poor's. ComStock is based on the RedHat 5.1 distribution, and contains many of the vulnerabilities found in the 5.1 distribution. In addition, it contains numerous accounts with weak, or nonexistent passwords.

The ComStock MultiCSP machine is intended to provide a realtime stock quote stream. It runs a proprietary service called 'mcsp' to provide this service. These machines acquire their data via a leased line, or other dedicated data connection. They use reserved address space. However, no attempt is made to prevent these ComStock machines from being used to compromise other machines on the private network. In addition, the routers utilized on the private network these machines communicate over are internet-accessible.

- Exploit

There are numerous accounts with easily guessable passwords. The following are well known passwords:
User: root Password: c0mst0ck
User: helpmcsp Password: (none)
User: helpicl Password: (none)

The helpmcsp and helpicl accounts will display a set of help to the user accessing these accounts, using the 'more' command. Shell level access can be gained as follows:
Hit 'v' to bring up the file in vi
:set shell=/bin/bash <RETURN>
:shell <RETURN>

In addition, many RedHat 5.1 exploits should allow for the compromise of these machines.

- Solution

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Some workarounds:
1) Remove /etc/issue, as it lists many of the accounts on these machines.
2) Change the passwords on all the accounts present in /etc/passwd to stronger passwords, or lock them entirely. This may cause issues -- as such, care should be taken, and the vendor should be contacted to determine the impact of doing this.
3) Eliminate unneeded services. Samba, a webserver, portmapper, and SNMP are just a few of the services running that are probably unneeded.
4) Use TCP wrappers, and use ipchains to limit access to the machine to the specific IPs which should connect to it. Two hosts which likely need to have access are listed in the /etc/hosts file:
172.23.94.10 BIG1
172.23.95.10 BIG2

These suggestions are by no means comprehensive, and even having performed the above, it is likely the machine may be susceptible to other problems, as it is running a fairly old distribution of RedHat.
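
Workarounds 2 and 4 can be checked and prepared with a short script. The following is an added example, not part of the advisory: it lists accounts with an empty password field and builds a TCP wrappers allow rule for the BIG1 and BIG2 hosts. The function names are hypothetical and the sample files written by demo() are constructed.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical;
# the sample files written by demo() are constructed for illustration.

# Workaround 2: print accounts whose password field (2nd field) is empty in
# a passwd- or shadow-format file. An empty field means no password at all.
empty_password_accounts() {
    awk -F: '!/^#/ && NF >= 2 && $2 == "" { print $1 }' "$1"
}

# Workaround 4: print the addresses that a hosts-format file assigns to the
# feed hosts BIG1 and BIG2 named in the advisory.
feed_host_addresses() {
    awk '!/^#/ { for (i = 2; i <= NF; i++) if ($i == "BIG1" || $i == "BIG2") print $1 }' "$1"
}

# Workaround 4: build a hosts.allow line for TCP wrappers from those
# addresses. Pair it with "ALL: ALL" in hosts.deny so all else is refused.
hosts_allow_line() {
    addrs=$(feed_host_addresses "$1" | sort -u | tr '\n' ' ')
    addrs=${addrs% }
    [ -n "$addrs" ] || return 1   # refuse to emit a rule that allows nobody
    printf 'ALL: %s\n' "$addrs"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed passwd sample: two passwordless accounts, one hashed, one locked.
    printf '%s\n' 'root:PLACEHOLDERHASH:0:0:root:/root:/bin/bash' \
        'helpmcsp::500:500::/home/helpmcsp:/bin/sh' \
        'helpicl::501:501::/home/helpicl:/bin/sh' \
        'bin:*:1:1:bin:/bin:' > "$dir/passwd"
    # Constructed hosts sample using the two entries quoted in the advisory.
    printf '%s\n' '127.0.0.1 localhost' '172.23.94.10 BIG1' \
        '172.23.95.10 BIG2' > "$dir/hosts"
    echo "Accounts with no password:"
    empty_password_accounts "$dir/passwd"
    echo "hosts.allow:"; hosts_allow_line "$dir/hosts"
    echo "hosts.deny:";  echo "ALL: ALL"
    rm -rf "$dir"
}
demo
```

TCP wrappers only cover services started through tcpd or built against libwrap, so the ipchains filtering named in workaround 4 is still needed for everything else.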

- Related references
