Bugtraq mailing list archives
Re: FW: Vulnerability in Novell Netware
From: Jeffrey Seaton <jseaton () TCSERVE COM>
Date: Wed, 14 Mar 2001 16:25:17 -0600
Yeah I took a look at this but it is not a problem at all. If a system administrator is worried about someone logging in as a print server just extend the objects attributes and add a simultaneous login attribute. You can set this to 1 and only the print server will login. You can do this with Console1 or schemax. These are free utilities with Novell. Later Technical Computer Services Jeffrey R. Seaton Owner Tel: 270-691-1121 Fax: 270-691-1127 www.tcserve.com Your Local Computer Network Specialist!
Magnus Ullberg <UllbergM () abcbank com> 03/09/01 08:27AM >>>
Magnus Ullberg Network Coordinator Area Bancshares Corporation Networking Department 230 Frederica St. Owensboro, KY 42301 -----Original Message----- From: Vulnerability Help [mailto:vulnhelp () SECURITYFOCUS COM] Sent: Thursday, March 08, 2001 2:36 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: Vulnerability in Novell Netware The information in this advisory was supplied by Chris Hughes <hughescj () usa net>. This security advisory is not endorsed by Security-Focus.com. Vulnerability in Novell Netware Date Published: 03/08/01 Advisory ID: n/a Bugtraq ID: 2446 CVE CAN: None currently assigned. Title: Novell Netware Print Server Vulnerability Class: Configuration Error Remotely Exploitable: Yes Locally Exploitable: Yes Vulnerability Description: Novell Netware allows a user to log into a Novell Network by using a Printer Server as the username. By default, Novell Print Servers have blank passwords. In addition, Novell Print Servers do not have intruder detection capability as a user account would, so they are vulnerable to a brute force attack without risk of account lockout. When a Print Server is logged into as a User, the account will have the same rights as are assigned to the container that it resides in. Vulnerable Packages/Systems: Novell Netware 3.1-5.1 Solution/Vendor Information/Workaround: Vendor has not responded yet. Vendor notified on: 11/02/00 Credits: Discovered by Chris Hughes <hughescj () usa net> This advisory was drafted with the help of the SecurityFocus.com Vulnerability Help Team. For more information or assistance drafting advisories please mail vulnhelp () securityfocus com. -- SecurityFocus.com Vulnerability Help Team
Current thread:
- Re: Vulnerability in Novell Netware, (continued)
- Re: Vulnerability in Novell Netware David Howe (Mar 12)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
- Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
- Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
- Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
- Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
- Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)