Scott, There seems to be a problem with swais, could you please explain? We have been running it under a chroot for over a year now with no known problems. I am the project leader of WAIS and oversaw its development, so I would like to make sure this problem is understood and extinguished. John Curran of NNSC wrote the original version, Jonathan has been the maintainer of it and extender. Just to take a guess, are you running it for public login without doing a chroot? -brewster Date: Tue, 01 Sep 92 07:20:58 EDT From: Steve Goldstein--Ph +1-202-357-9717 <sgoldste@cise.cise.nsf.gov> George and Brewster, Please take note of this and act accordingly. (Thanks for the heads-up, Scott! I took the liberty of alerting the CERT with a cc: The community of serving organizations should be notified and the fix provided, when proven. If I'm behind the power curve, and if you have already done this, please excuse my misplaced zeal.) Thanks, Steve G. ------- Forwarded Message From: scottw@nic.ddn.mil (Scott Williamson) Message-Id: <9208312050.AA22641@nic.ddn.mil> Subject: Re: WAIS on DDN To: sgoldste@cise.cise.nsf.gov (Steve Goldstein--Ph +1-202-357-9717) Date: Mon, 31 Aug 92 16:50:13 EDT In-Reply-To: <9208282127.AA06081@cise.cise.nsf.gov>; from "Steve Goldstein--Ph +1-202-357-9717" at Aug 28, 92 5:27 pm X-Mailer: ELM [version 2.3 PL2] Steve, We have the login wais disabled. There is a security whole in the swais interface that you can drive a truck through. We are working on a fix so that we reactivate this feature. Mark Kosters has informed RIPE of the problem with an explanation of how one could get in. He also suggested the fix. Scott
SG> And, folks, what you really want to see is NIC databases accessible SG> with WAIS, so's you don't have to use their search fields, SG>but can SG> use any search string (e.g., telephone number, city, etc.) SG>NIC.DDN.MIL SG> has just brought up a WAIS server, and RIPE NCC has had one SG>up for a while SG> (wais.ripe.net). These are REALLY neat, as in "who does networking SG>in SG> Dresden?" --SG
I've managed to telnet to wais.nic.ddn.mil (192.112.38.103) but don't know the login/password. Can you advise?
Sorry. I did it with a WAIS client. I just tried logging in a telnet session with user=wais, password=<all_sorts_of_things_including_profanity>, but nothing worked. Ought not be passworded!
Scott?
--SG
Ripe works fine.
Regards, Peter Scott
------- End of Forwarded Message