Standard & Poor’s ComStock Machine Vulnerability

Vulnerability Details

Vulnerability Summary

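The mcsp Client Site Processor system (MultiCSP) in Standard & Poor’s ComStock contains a vulnerability. It is installed with multiple accounts, some of which have no password and some of which have easily guessed default passwords.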

Vulnerability Advisory

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Some workarounds:
1) Remove /etc/issue, as it lists many of the accounts on these machines.
2) Change the passwords on all the accounts present in /etc/passwd to stronger passwords, or lock them entirely. This may cause issues — as such, care should be taken, and the vendor should be contacted to determine the impact of doing this.
3) Eliminate unneeded services. Samba, a webserver, portmapper, and SNMP are just a few of the services running that are probably unneeded.
4) Use TCP wrappers, and use ipchains to limit access to the machine to the specific IPs which should connect to it. Two hosts which likely need to have access are listed in the /etc/hosts file:
172.23.94.10 BIG1
172.23.95.10 BIG2
These suggestions are by no means comprehensive, and even having performed the above, it is likely the machine may be susceptible to other problems, as it is running a fairly old distribution of RedHat.
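
One way to carry out the check behind workaround 2, as an added example that is not part of the original advisory: a shell function that classifies each account by its password field, so the passwordless ones can be locked or given strong passwords. The account names, hashes and files are constructed sample data, and `audit_accounts` and `empty_accounts` are hypothetical helper names.

```shell
# Classify each account as EMPTY (no password), LOCKED, SET,
# or UNKNOWN (marked shadowed, but no shadow entry was readable).
audit_accounts() {
    # $1 = passwd-format file, $2 = optional shadow-format file
    awk -F: -v shadow="${2:-/dev/null}" '
        BEGIN {
            # Load password fields from the shadow file, if one was given.
            while ((getline line < shadow) > 0) {
                split(line, f, ":")
                pw[f[1]] = f[2]; seen[f[1]] = 1
            }
        }
        /^#/ || NF < 2 { next }            # skip comments and blank lines
        {
            field = $2
            if (field == "x" && ($1 in seen)) field = pw[$1]
            if (field == "")            status = "EMPTY"
            else if (field ~ /^[!*]/)   status = "LOCKED"
            else if (field == "x")      status = "UNKNOWN"
            else                        status = "SET"
            print $1 ":" status
        }
    ' "$1"
}

# Accounts that need action under workaround 2.
empty_accounts() {
    audit_accounts "$@" | awk -F: '$2 == "EMPTY" { print $1 }'
}

# Constructed sample data: hypothetical accounts and placeholder hashes.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
demo_nopw::500:500:constructed:/home/demo_nopw:/bin/bash
demo_old:ab1cdEfGhIjkl:501:501:constructed:/home/demo_old:/bin/bash
demo_locked:x:502:502:constructed:/home/demo_locked:/bin/bash
demo_shadow_empty:x:503:503:constructed:/home/demo_shadow_empty:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$1$constructed$notarealhashvalue0000:10900:0:99999:7:::
demo_locked:!!:10900:0:99999:7:::
demo_shadow_empty::10900:0:99999:7:::
EOF

audit_accounts "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"
```

On the machine itself, run `audit_accounts /etc/passwd /etc/shadow` as root. A SET status only means a password exists, so default passwords still have to be changed by hand.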

Reference URLs

Vulnerable software and versions
Configuration 1
OR
* cpe:/a:comstock:multicsp:4.2
* Denotes Vulnerable Software

Technical Details
CVE Standard Vulnerability Entry: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0109

Affected Entities
