Re: Vulnerability in Novell Netware

[Scott Smith <ssmith () SIU EDU>]

There is one thing that might be over looked here, or stated where I haven't read.

I have tested the same login via a printer name and no pass.  I've had high school students do this and find out they 
can write to the print queue directory.  Needless to say they filled up the SYS volume with games and pictures.  We 
since created a separate partition just for the print queue, small enough to be able to print but they really can not 
store any data.  We also wrote a small program to go out and delete any files that weren't of the typical queue 
fashion, and then purge it.

We actually saw this in Netware 4.10, and it has followed since.

There used to be a Novell TID that showed how to look down certain rights and still allow the printer to print.  I have 
no idea if this is still out there or not, but sometimes the default rights aren't sufficient.