Bugtraq mailing list archives
Re: Vulnerability in Novell Netware
From: Ben Ponting <bponting () HOTMAIL COM>
Date: Mon, 12 Mar 2001 00:54:36 -0000
We've tested this exploit with NW 5.1 SP2a using a queue based Print Server object. We could login as the object with no password, but the object only had public rights (ie, browse, compare and read). No volume scan, read or write rights. Though it must have read rights to the print spool location. By default the Print Server should not security equivelance to the container. But this may have been manually assigned in the environment where the vulnerability was discovered. Ben Ponting
Current thread:
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what?, (continued)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Adrian Bolzan (Mar 13)
- Re: Vulnerability in Novell Netware Derek Wilson (Mar 11)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware David Howe (Mar 12)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
- Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
- Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
- Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
- Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
- Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)