Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Vulnerability in Novell Netware

From: Vulnerability Help <vulnhelp () SECURITYFOCUS COM>
Date: Thu, 8 Mar 2001 13:36:23 -0700
The information in this advisory was supplied by Chris Hughes <hughescj () usa net>.
This security advisory is not endorsed by Security-Focus.com.

Vulnerability in Novell Netware

Date Published: 03/08/01

Advisory ID: n/a

Bugtraq ID: 2446

CVE CAN: None currently assigned.

Title: Novell Netware Print Server Vulnerability

Class: Configuration Error

Remotely Exploitable: Yes

Locally Exploitable: Yes

Vulnerability Description: Novell Netware allows a user to log into a
Novell Network by using a Printer Server as the username.  By default,
Novell Print Servers have blank passwords.  In addition, Novell Print
Servers do not have intruder detection capability as a user account would,
so they are vulnerable to a brute force attack without risk of account
lockout. When a Print Server is logged into as a User, the account will
have the same rights as are assigned to the container that it resides in.

Vulnerable Packages/Systems: Novell Netware 3.1-5.1

Solution/Vendor Information/Workaround: Vendor has not responded yet.

Vendor notified on: 11/02/00

Credits: Discovered by Chris Hughes <hughescj () usa net>

This advisory was drafted with the help of the SecurityFocus.com
Vulnerability Help Team. For more information or assistance drafting
advisories please mail vulnhelp () securityfocus com.

--
SecurityFocus.com
Vulnerability Help Team
Previous By Date Next
Previous By Thread Next

Current thread: