[19568] in bugtraq
Vulnerability in Novell Netware
daemon@ATHENA.MIT.EDU (Vulnerability Help)
Fri Mar 9 05:11:05 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.GSO.4.30.0103081332280.1069-100000@mail>
Date: Thu, 8 Mar 2001 13:36:23 -0700
Reply-To: Vulnerability Help <vulnhelp@SECURITYFOCUS.COM>
From: Vulnerability Help <vulnhelp@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
The information in this advisory was supplied by Chris Hughes <hughescj@usa.net>.
This security advisory is not endorsed by Security-Focus.com.
Vulnerability in Novell Netware
Date Published: 03/08/01
Advisory ID: n/a
Bugtraq ID: 2446
CVE CAN: None currently assigned.
Title: Novell Netware Print Server Vulnerability
Class: Configuration Error
Remotely Exploitable: Yes
Locally Exploitable: Yes
Vulnerability Description: Novell Netware allows a user to log into a
Novell Network by using a Printer Server as the username. By default,
Novell Print Servers have blank passwords. In addition, Novell Print
Servers do not have intruder detection capability as a user account would,
so they are vulnerable to a brute force attack without risk of account
lockout. When a Print Server is logged into as a User, the account will
have the same rights as are assigned to the container that it resides in.
Vulnerable Packages/Systems: Novell Netware 3.1-5.1
Solution/Vendor Information/Workaround: Vendor has not responded yet.
Vendor notified on: 11/02/00
Credits: Discovered by Chris Hughes <hughescj@usa.net>
This advisory was drafted with the help of the SecurityFocus.com
Vulnerability Help Team. For more information or assistance drafting
advisories please mail vulnhelp@securityfocus.com.
--
SecurityFocus.com
Vulnerability Help Team
