Bugtraq mailing list archives
Re: Vulnerability in Novell Netware
From: Scott Smith <ssmith () SIU EDU>
Date: Tue, 13 Mar 2001 09:02:20 -0600
There is one thing that might be over looked here, or stated where I haven't read. I have tested the same login via a printer name and no pass. I've had high school students do this and find out they can write to the print queue directory. Needless to say they filled up the SYS volume with games and pictures. We since created a separate partition just for the print queue, small enough to be able to print but they really can not store any data. We also wrote a small program to go out and delete any files that weren't of the typical queue fashion, and then purge it. We actually saw this in Netware 4.10, and it has followed since. There used to be a Novell TID that showed how to look down certain rights and still allow the printer to print. I have no idea if this is still out there or not, but sometimes the default rights aren't sufficient.
Current thread:
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what?, (continued)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Adrian Bolzan (Mar 13)
- Re: Vulnerability in Novell Netware Derek Wilson (Mar 11)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware David Howe (Mar 12)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
- Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
- Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
- Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
- Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
- Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)