[原文]ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.
Discovered by Phuzzy L0gic [email@example.com] and published in an NMRC Advisory on November 26, 2001.
Sun NetDynamics 5.0
Sun NetDynamics 4.1.3
Sun NetDynamics 4.1.2
Sun NetDynamics 4.1
Sun NetDynamics 4.0
NetDynamics is an application server platform designed to provide a comprehensive solution for enterprise level portal applications.
When a user attempts to authenticate to NetDynamics, they are given a session id, and a random unique identifier. When a subsequent user authenticates successfully, these values may be used for a brief period of time to execute a command as that subsequent user.
An attacker with knowledge of the NetDynamics command structure may be able to hijack that user account, gaining full control over it.
It is possible that earlier versions of NetDynamics are also vulnerable.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.
Phuzzy L0gic [firstname.lastname@example.org] suggests that not allowing multiple logins from the same domain may help detect this attack.