Date: Thu, 28 Mar 2024 22:07:59 -0400 (EDT) Message-ID: <1467655871.537.1711678079287@windcrest.sei.cmu.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_536_998152389.1711678079286" ------=_Part_536_998152389.1711678079286 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
A complete revision history is at the end of this file.
The CERT Coordination Center has received information concerning a vulne= rability in release 2 of NeXTstep's NetInfo default configuration. This vul= nerability will be corrected in future versions of NeXTstep.
By default, a NetInfo server process will provide information to any mac= hine that requests it.
Remote users can gain unauthorized access to the network's administrativ= e information such as the passwd file.
Ensure that the trusted_networks property of each NetInfo domain's root = NetInfo directory is set correctly, so that only those systems which should= be obtaining information from NetInfo are granted access. The value for th= e trusted_networks property should be the network numbers of the networks t= he server should trust.
Note that improperly setting trusted_networks can render your network un= usable.
Consult Chapter 16, "Security", of the NeXT Network and System Admini= stration manual for release 2 for details on setting the trusted_networ= ks property of the root NetInfo directory.
The CERT/CC wishes to thank NeXT Computer, Inc. for their cooperation in= documenting and publicizing this security vulnerability.
Copyright 1992 Carnegie Mellon University.
September 19,1997 Attached copyright statement