Vulnerability Development mailing list archives
Re: Novell Netware Copy
From: bfiero () MENTALFLOSS NET (Bob Fiero)
Date: Fri, 24 Mar 2000 15:31:18 -0500
From what I can tell with the networks I manage, a quick test on two so far...Netware Copy doesn't have any additional rights that any other file manager would have. A local drive is not manageable by the network. There are restrictions that can be applied via Windoze policies using ZEN, but there isn't anything that can keep a user from blowing away local files. I think with a couple of comments you made ((maybe network drives) and latest version...(4 or 5)) you don't have an understanding of what is happening around you, especially with regards to networking. No offense meant. But the Netware Copy you see is there via the Novell Client for Windows. My guess is either via a misconfiguration of FoolProof the Novell icons are there, or FoolProof doesn't support Netware. At 12:03 AM 3/24/2000 -0600, you wrote:
Through exploration on a LAN, I have found either a bug or an oversight on Novell Netware that allows a local user read/write access to any file on drive C (maybe network drives). When clicking on the right button on any file under Windows explorer, the local security program (FoolProof) turns off all selections except for an option called "Netware Copy". If one selects Netware Copy, it asks for a destination and you can type ANY file on drive C and it will either create a new file or overwrite the old file. Under normal usage, drive C is write protected. They're using the latest version of Novell Netware (4 or 5) with an OS of Win95. Can someone test to see if Netware Copy is a flaw or an oversight. I'm also wondering what are the ethics here. If there's something this easy, is it wrong to Netware Copy anything I want? (i.e. move security program, install other apps) <--Yes, I did notify the Admins of security flaws through e-mail but they never responded ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Dustin D. Trammell (Mar 20)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Juan M. Courcoul (Mar 23)
- Novell Netware Copy first Last (Mar 23)
- local security workaround through IE Knud Erik Højgaard (Feb 24)
- Re: local security workaround through IE thegreencow (Mar 24)
- Re: local security workaround through IE Blue Boar (Mar 24)
- Re: local security workaround through IE Knud Erik Højgaard (Feb 25)
- local security workaround through IE Knud Erik Højgaard (Feb 24)
- Re: Novell Netware Copy Richard Beels (Mar 24)
- Ehmm..in reagards to the con\con-problem, and ftp-servers Odd Arne Beck (Mar 24)
- Re: Novell Netware Copy Bob Fiero (Mar 24)
- Re: Novell Netware Copy Bluefish (Mar 25)
- <Possible follow-ups>
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Dustin D. Trammell (Mar 24)