Bugtraq mailing list archives

Re: MacOS 9 and the MacOS Netware Client

From: deepquest () NETSCAPE NET (deepquest () NETSCAPE NET)
Date: Mon, 15 Nov 1999 10:38:21 -0000

Bugtraq;

MacOS 9 adds the ability to have multiple users on a single Macintosh. When it boots it will (if enabled) ask you to
log in.

However, while logged in if you login to NDS, and select "Logout" from the Special menu, you will NOT be logged out of
NDS. The tree in the menu bar will stay green, and you are still logged in. Any user can then log back in as
themselves and use your login to NDS.

The workaround is simple enough, just make sure you log out of NDS and THEN out of MacOS. An alternative would be to
simply restart the Mac instead of logging out.

I tested this on an iMac running MacOS 9 and the ProSoft client (version 5.12). I have not tested it on the Novell
client (version 5.11), but since the clients are so similar I would assume the "bug" exists there too. (I don't
consider this to be a full-blown bug since we're dealing with a new feature of the OS that didn't exist at the time the
client was released. However, given the breathtaking speed that ProSoft moves at...)

--As far as I know this doesn't seems like being an MacOs issue, as described in original post, since NetWare Client
5.12 is not listed as builting feature ( see the inclued softwares or features listed in MacOs 9
http://www.apple.com/macos/pdf/MacOS9_DS-a.pdf) or even bunddled with MacOS 9.
Using any other network ressource via a software (mail client, telnet, ftp etc...) will log you out; during the loggout
process an apple event is sent to the applications, and Prosoft netware client doesn't respond to the apple event
asking to disconnect the ressouce.It's not MacOS fault but incompability in software to understant the event it's quiet
different.New OS creates sometime incompabilities but who has to adapt to the situation: the OS or the application?

There's something I don't get on security focus vulnerabilities database despite all the great job that is done on this
site.Why softwares having issues on MacOs are reported under "Apple" and not to the vendor itself? :-(
--->1999-11-14: MacOS9 NDS Client Inherited Login Vulnerability
-->1998-04-14: Microsoft Internet Explorer EMBED Vulnerability
-->1999-07-28: MacOS Internet Config Weak Password Encryption Vulnerability
-->1999-06-15: MS Outlook Express for MacOS "Change Current User" Vulnerability

deepquest
Ubi solitudinem faciunt, pacem appellant
http://www.deepquest.pf

Current thread:

Re: BIND bugs of the month D. J. Bernstein (Nov 12)
- Re: BIND bugs of the month (spoofing secure Web sites?) Peter W (Nov 13)
  - Re: BIND bugs of the month (spoofing secure Web sites?) Kurt Seifried (Nov 14)
- Re: BIND bugs of the month (spoofing secure Web sites?) D. J. Bernstein (Nov 13)
  - Re: BIND bugs of the month (spoofing secure Web sites?) D. J. Bernstein (Nov 14)
    - Re: BIND bugs of the month (spoofing secure Web sites?) Elias Levy (Nov 15)
- Re: BIND bugs of the month David R. Conrad (Nov 14)
- MacOS 9 and the MacOS Netware Client Matt White (Nov 14)
  - Re: MacOS 9 and the MacOS Netware Client deepquest () NETSCAPE NET (Nov 15)
  - Re: MacOS 9 and the MacOS Netware Client sherrera () BASS CUESTA CC CA US (Nov 15)
  - Re: MacOS 9 and the MacOS Netware Client deepquest () NETSCAPE NET (Nov 15)