Bugtraq mailing list archives

Re: Vulnerability in Novell Netware

From: Ben Ponting <bponting () HOTMAIL COM>
Date: Mon, 12 Mar 2001 00:54:36 -0000

We've tested this exploit with NW 5.1 SP2a using a 
queue based Print Server object.
We could login as the object with no password, but 
the object only had public rights (ie, browse, compare 
and read). 
No volume scan, read or write rights. 
Though it must have read rights to the print spool 
location.

By default the Print Server should not security 
equivelance to the container. 
But this may have been manually assigned in the 
environment where the vulnerability was discovered.

Ben Ponting

Current thread:

Re: Vulnerability in Novell Netware - Yeah, it's a user. So what?, (continued)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
  - Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Adrian Bolzan (Mar 13)
- Re: Vulnerability in Novell Netware Derek Wilson (Mar 11)
  - Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
    - Re: Vulnerability in Novell Netware David Howe (Mar 12)
  - Re: Vulnerability in Novell Netware hhoogend (Mar 12)
    - Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
    - Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
    - Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
  - Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
  - Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
  - Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)