Bugtraq mailing list archives

Re: FW: Vulnerability in Novell Netware

From: Jeffrey Seaton <jseaton () TCSERVE COM>
Date: Wed, 14 Mar 2001 16:25:17 -0600

Yeah I took a look at this but it is not a problem at all. If a system administrator is worried about someone logging 
in as a print server just extend the objects attributes and add a simultaneous login attribute. You can set this to 1 
and only the print server will login. You can do this with Console1 or schemax. These are free utilities with Novell. 

Later

Technical Computer Services
Jeffrey R. Seaton
Owner
Tel: 270-691-1121
Fax: 270-691-1127
www.tcserve.com
Your Local Computer Network Specialist!

Magnus Ullberg <UllbergM () abcbank com> 03/09/01 08:27AM >>>




Magnus Ullberg
Network Coordinator

Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301

-----Original Message-----
From:   Vulnerability Help [mailto:vulnhelp () SECURITYFOCUS COM] 
Sent:   Thursday, March 08, 2001 2:36 PM
To:     BUGTRAQ () SECURITYFOCUS COM 
Subject:        Vulnerability in Novell Netware

The information in this advisory was supplied by Chris Hughes
<hughescj () usa net>.
This security advisory is not endorsed by Security-Focus.com.
Vulnerability in Novell Netware
Date Published: 03/08/01
Advisory ID: n/a
Bugtraq ID: 2446
CVE CAN: None currently assigned.
Title: Novell Netware Print Server Vulnerability
Class: Configuration Error
Remotely Exploitable: Yes
Locally Exploitable: Yes
Vulnerability Description: Novell Netware allows a user to log into a Novell
Network by using a Printer Server as the username.  By default, Novell Print
Servers have blank passwords.  In addition, Novell Print Servers do not have
intruder detection capability as a user account would, so they are
vulnerable to a brute force attack without risk of account lockout. When a
Print Server is logged into as a User, the account will have the same rights
as are assigned to the container that it resides in.
Vulnerable Packages/Systems: Novell Netware 3.1-5.1
Solution/Vendor Information/Workaround: Vendor has not responded yet.
Vendor notified on: 11/02/00
Credits: Discovered by Chris Hughes <hughescj () usa net>
This advisory was drafted with the help of the SecurityFocus.com
Vulnerability Help Team. For more information or assistance drafting
advisories please mail vulnhelp () securityfocus com.

--
SecurityFocus.com
Vulnerability Help Team

Current thread:

Re: Vulnerability in Novell Netware, (continued)
- - - Re: Vulnerability in Novell Netware David Howe (Mar 12)
  - Re: Vulnerability in Novell Netware hhoogend (Mar 12)
    - Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
    - Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
    - Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
  - Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
  - Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
  - Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)