IBM developerWorks ncp 2.1 Remote Information Disclosure

2012.07.01

Credit: BugsNotHugs

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

http://www.ibm.com/developerworks/systems/articles/free_tools/index.html
Can visit ncp pages and get info without authentication!
http://target:8282/
gives version
http://target:8282/real/lsconf.html
detailed config info including:
System Model
Machine Serial Number
Processor Type
Number of Processors
Processor Clock Speed
CPU Type
Kernel Type
LAPR Info
Memory Size
Firmware Version
Console Login (if enabled or not)
Auto Restart status
Host Name
Gateway IP
Name Server
Domain Name
Volume Group Info
http://target:8282/real.html
Graphs for host
File System Use
CPU Utilisation (User+System)

References:

http://www.ibm.com/developerworks/systems/articles/free_tools/index.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

IBM developerWorks ncp 2.1 Remote Information Disclosure

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.