TITLE:
NetFORCE NAS Information Disclosure Security Issue

SECUNIA ADVISORY ID:
SA17033

VERIFY ADVISORY:
http://secunia.com/advisories/17033/

CRITICAL:
Not critical

IMPACT:
Exposure of sensitive information

WHERE:
>From remote

OPERATING SYSTEM:
NetFORCE 800
http://secunia.com/product/5796/

DESCRIPTION:
bambenek has reported a security issue in NetFORCE NAS (Network
Attached Storage), which potentially can be exploited by malicious
people to gain knowledge of certain sensitive information.

The security issue is caused due to the appliance sending out the NIS
password map as a file attachment (passwd.nis) when the appliance is
configured to send diagnostic e-mail messages. This can potentially
reveal the NIS password hashes.

The security issue has been reported in version NetFORCE 800 version
4.02 M10 (Build 20).

SOLUTION:
The product has reached its End-of-Life and has been discontinued.
http://128.121.57.28/info.asp

PROVIDED AND/OR DISCOVERED BY:
bambenek

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------