| VID |
23026 |
| Severity |
20 |
| Port |
119 |
| Protocol |
TCP |
| Class |
NNTP |
| Detailed Description |
The NNTP server allows to post to newsgroups without authorization.
The NNTP is a TCP/IP protocol based upon text strings sent bidirectionally over TCP channels. It is used to support reading newsgroups, posting new articles, and transferring articles between news servers. The Posting access means user to post articles to newsgroup using POST command. If the NNTP server allows the posting access without authorization, a remote attacker can post arbitrary and illegal information that be used to mislead legitimate users, and can propagates it to the world as an access point with your computer.
* References:
http://www.iss.net/security_center/static/88.php
http://hq.mcafeeasap.com/vulnerabilities/vuln_data/15000.asp |
| Recommendation |
Disable the NNTP service if it's unused.
-- OR --
Restrict access to newsgroups.
For Unix/Linux systems :
- To Disable :
1. Edit the /etc/inetd.conf (or equivalent) file.
2. Locate the line that controls the service.
3. Type a # at the beginning of the line to comment out the service.
4. Restart inetd
- To Restrict access :
1. Edit the /usr/lib/news/nntp_access file.
2. Change the line starting with default
hostname read|xfer|both|no post|no [!exceptgroups]
=> default no no
For Windows systems :
- To Disable :
1. Open the MMC(Microsoft Management Console).
2. Right-click the NNTP virtual server and click the <STOP> menu.
- To Restrict access :
1. On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. Click the virtual server that you want to configure.
3. Click <Authentication> from the <Access Control> section of the <Access> tab.
4. On the Action menu, click Properties.
5. On the Access tab, click Authentication.
6. Click to select any combination of <Basic>, <Windows Security Package> or <SSL Client Authentication> check boxes. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
