Bugtraq mailing list archives
Re: Vulnerability in Novell Netware
From: David Howe <DHowe () HAWKSWING DEMON CO UK>
Date: Mon, 12 Mar 2001 09:59:05 -0000
I tried it on Netware 4.11 SP9. Logged in as the print server, but with limited access to resources. I didn't fully test after logged in, but it's possible.
Brad B
NW4 was usually happy to let you log in as anything that had a valid public/private keypair - print servers being a good example (the occasionally VERY useful NW-HACK file had a long list of accounts that would be vulnerable - mostly due to sloppy installers for third-party printer or backup packages.)

Obvious first step is to apply station restrictions and limit what a print server can see to just the print queues - it doesn't need much if anything else, so why leave the door open? Many system objects (such as print servers) exist in the same context as the print queues they serve, which in turn are in the same context as the users - and many admins assign file access rights globally to the container (which then cascade down to the print server object) rather than groups.

One thing that *is* annoying is NDPS legacy support - if you are reading from or writing to a legacy NDS queue, you are required to log in (the older NFS support addon did not do this, and it came as a nasty shock to our licencing guy when we sidegraded to NW5.1 and got bitten by this one - and the Pervasive licencing thing). I was unable to find any way of having this login account carry a password without having to retype that password once per printer whenever NDPS was resynced or restarted - which I wasn't willing to wear.

Current setup on my boxen is complete separation of NDPS (which has LPR in and out support, plus NDPS queue, but no legacy queue) from legacy printers - entirely due to these two issues.
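The two hardening checks from the message above (station restrictions on print server objects, and file rights that cascade down from a container) can be sketched as an audit. This is an added example, not code from the thread or from Novell: it uses a simplified model in which a trustee assignment to a container applies to every object beneath it (inherited rights filters are ignored), and every object name, path and address is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class NdsObject:
    name: str   # typeless distinguished name, leaf first (assumed format)
    cls: str    # object class, e.g. "User" or "Print Server"
    stations: list = field(default_factory=list)  # allowed login addresses

def ancestors(name):
    """Containers above an object: 'PS1.Sales.Acme' -> ['Sales.Acme', 'Acme']."""
    parts = name.split(".")
    return [".".join(parts[i:]) for i in range(1, len(parts))]

def audit(objects, file_trustees, service_classes=("Print Server",)):
    """Flag service objects that may log in from any station, or that pick up
    file rights granted to a container above them rather than to a group."""
    findings = []
    for obj in objects:
        if obj.cls not in service_classes:
            continue
        if not obj.stations:
            findings.append((obj.name, "no station restriction", None))
        for container in ancestors(obj.name):
            for trustee, path, rights in file_trustees:
                if trustee == container:
                    findings.append((obj.name, "inherits file rights",
                                     f"{path} [{rights}] via {container}"))
    return findings

# Constructed sample tree and trustee list (hypothetical, not from the thread).
OBJECTS = [
    NdsObject("jsmith.Sales.Acme", "User"),
    NdsObject("PS-SALES.Sales.Acme", "Print Server"),
    NdsObject("PS-LAB.Lab.Acme", "Print Server",
              stations=["0000A1B2:00A0C9112233"]),
]
FILE_TRUSTEES = [
    ("Sales.Acme", "SYS:DATA/SALES", "RWCEMF"),  # granted to the container
    ("Staff.Lab.Acme", "SYS:DATA/LAB", "RF"),    # granted to a group
]

if __name__ == "__main__":
    for name, issue, detail in audit(OBJECTS, FILE_TRUSTEES):
        print(name, "-", issue, detail or "")
```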