Bugtraq mailing list archives
Re: Vulnerability in Novell Netware
From: Jon Miner <miner () DOIT WISC EDU>
Date: Tue, 13 Mar 2001 12:49:34 -0600
* Thomas M. Payerle (payerle () PHYSICS UMD EDU) [010313 02:15]:
Verified it on 5.1. Also, we noticed that print servers created via HP's JetAdmin utility do not have a blank password by default. I am not sure what the default password is ( and have little doubt that it can be "guessed" with some basic knowledge of the printer in question), but am sharing this as it contributed to some confusion when trying to verify the vulnerability here.
As many people have pointed out before, this isn't a bug. It's a possibility for a vulnerability, but it is by design. It is mentioned in every Novell manual I've read, and is well known. It's a fact of life, Printers need to log in to get to the queue directories. Just don't assign rights to the container that queues are in. jon -- .Jonathan J. Miner------------------Division of Information Technology. |miner () doit wisc edu University Of Wisconsin - Madison| |608/262.9655 Room 3149 Computer Science| `---------------------------------------------------------------------' There are of course many problems connected with life, of which some of the most popular are "Why are people born?" "Why do they die?" "Why do they spend so much of the intervening time wearing digital watches?" -- The Book. From _The_Hitchhikers_Guide_To_The_Galaxy_ by Douglas Adams (5)
Current thread:
- Vulnerability in Novell Netware Vulnerability Help (Mar 09)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Adrian Bolzan (Mar 13)
- <Possible follow-ups>
- Re: Vulnerability in Novell Netware Derek Wilson (Mar 11)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware David Howe (Mar 12)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
- Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
- Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
- Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
- Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
- Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)