Jump to content

OH CRA* FileMaker Server HACKED or.....

Leb i Sol
 Share

This topic is 7939 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Leb i Sol Mentor

Leb i Sol

Posted
Posted

hi Guys!

Here is another VERY concerning security new:

http://www.securityspace.com/smysecure/catid.html?id=11586

Category: Remote file access

Title: FileMakerPro Detection

Summary: connects to port 49727 and says 'hello'

CVE: Not Available

Bugtraq ID: 7315

Description:

The remote host is running a FileMakerPro server on this port.

There is a flaw in the design of the FileMakerPro server which

makes the database authentication occur on the client side.

An attacker may exploit this flaw to gain access to your databases

without knowing their password, only by connecting to this port

with a rogue client.

Solution : Do not store any sensitive data in your FileMakerPro database.

Risk Factor : High

Copyright: This script is © 2003 Renaud Deraison

-----------------------------------

vulnerable FileMaker FileMaker Pro 5.0

- Apple MacOS 8.0

- Apple MacOS 8.1

- Apple MacOS 8.5

- Apple MacOS 8.6

- Apple MacOS 9.0

- Microsoft Windows NT 4.0

FileMaker FileMaker Pro 5.5 Unlimited

FileMaker FileMaker Pro 5.5

FileMaker FileMaker Pro 6.0 Unlimited

FileMaker FileMaker Pro 6.0

FileMaker FileMaker Server 5.0

FileMaker FileMaker Server 5.5

----------------------------------

solution ANYONE blush.gif

cjaeger Experienced

cjaeger

Posted
Posted

that's what firewalls and vpn connections are made for ...

Rule # 1. do not put any sensitive data anywhere near the web - there is no such thing as a 100% secure web solution.

Leb i Sol Mentor

Leb i Sol

Posted
  • Author
Posted

that's what firewalls and vpn connections are made for ...

I know...but still not a good news...VPNs are nice but not always possible - 1/2 static 1/2 DHCP on IPS side :

100% well in some sence everything is over the "wire" how ever you want to define it

we will see what FM support says...they didn't even know about it is what really scares me blush.gif not the fact that I have to deal with it

Garry Claridge Grand Master

Garry Claridge

Posted
Posted

The report seems a bit odd to me.

Re: There is a flaw in the design of the FileMakerPro server which

makes the database authentication occur on the client side.

Authentication does not occur on the client-side for WebCompanion.

It may be referring to a Server running as a service on a particular platform. Maybe they are saying that you can become localhost through that port and then access the database.

Also, why would you leave port 49727 open?

All the best.

Garry

cjaeger Experienced

cjaeger

Posted
Posted

the flaw affects filemakers ability to connect to remote databases (peer-to-peer or filemaker server), not web companion. so unless you turn multi-user access on, you should be fine ...

Anatoli Grand Master

Anatoli

Posted
Posted

How you can connect to port 49727 with "rogue client"?

What is rogue client?

The whole report talks in strange language.

Anyway, does it affect port 5003? If not, what is the fuss about? Every sensible network has firewall.

Leb i Sol Mentor

Leb i Sol

Posted
  • Author
Posted

Hi People!

I am sorry I don't have more info...I am waiting for FM techs to see what they have to say about it. As far as port # is concecerned...well even if you are running just a port 80 it still (in my mind) is an issue. I can't speak of Mac servers by I know that Win based systems will "talk" through port 80 ,and IF not specified on FireWall, other ports can become open...eg. Kazaa...runs on 1412 (or 1214 )but establishes connection using port 80 ... if 1412 is blocked by firewall another "high-number port" is assigned automatically.

Anyway, didn't mean to scare people smile.gif just was wondering if anyone else has heard of this issue...FM support obvisoly didn't.

Leb i Sol Mentor

Leb i Sol

Posted
  • Author
Posted

unless = yes

I do have multi-user since LAN people do most of the DB updates...remote users run of WebCompadre (#80 not #5003 due to speed issues)...sooooo

cjaeger Experienced

cjaeger

Posted
Posted

sooo block the port on the outside interface, but leave it open for your internal ips ... - provided your server has 2 NICs and an internal firewall ... or if server is running in a DMZ, i.e. a firewall is forwarding reqests on port 80 to your internal FileMaker server, simply block any other ports originating from your inside FileMaker Server and outside 49727.

Anyway, I could not connect to port 49727 on my machine running FMP 6 with Multi-User and Web Companion on ...

5003 and 80 worked ...

Leb i Sol Mentor

Leb i Sol

Posted
  • Author
Posted

thanx cjaeger...that is good to know wink.gif

I am not worried about the " network setup" but (see post above) more a about potential "port switching through #80" of this issue. As I said the report I got was so vague that it made a bit worried (not just for FM but other nodes)and on the top of it all....FM reps responded to this issue with a "HA!?...what port?" shocked.gif

I would rather be safe than sorry wink.gif ...anyway I just though to share this info even if it turns out to be harmless

This topic is 7939 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept