[19614] in bugtraq
Re: Vulnerability in Novell Netware - Yeah, it's a user. So what?
daemon@ATHENA.MIT.EDU (Kain)
Mon Mar 12 15:09:42 2001
Mail-Followup-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="wac7ysb48OaltWcw"
Content-Disposition: inline
Message-ID: <20010312081713.A32745@artemis.kain.org>
Date: Mon, 12 Mar 2001 08:17:13 -0600
Reply-To: Kain <kain@KAIN.ORG>
From: Kain <kain@KAIN.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.4.30.0103081332280.1069-100000@mail>; from
vulnhelp@SECURITYFOCUS.COM on Thu, Mar 08,
2001 at 01:36:23PM -0700
--wac7ysb48OaltWcw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Mar 08, 2001 at 01:36:23PM -0700, Vulnerability Help wrote:
> The information in this advisory was supplied by Chris Hughes
> <hughescj@usa.net>. This security advisory is not endorsed by
> Security-Focus.com.
>=20
> Vulnerability in Novell Netware
> Date Published: 03/08/01
> Advisory ID: n/a
> Bugtraq ID: 2446
> CVE CAN: None currently assigned.
> Title: Novell Netware Print Server Vulnerability
> Class: Configuration Error
> Remotely Exploitable: Yes
> Locally Exploitable: Yes
>=20
> Vulnerability Description: Novell Netware allows a user to log into a
> Novell Network by using a Printer Server as the username. By default,
> Novell Print Servers have blank passwords.
> In addition, Novell Print Servers do not have intruder detection capabili=
ty
> as a user account would, so they are vulnerable to a brute force attack
> without risk of account lockout. When a Print Server is logged into as a
> User, the account will have the same rights as are assigned to the contai=
ner
> that it resides in.
I haven't worked with netware since 4.11, but I remember that the documenta=
tion (Netware Manuals) covers this. It mentions that to handle print-spool=
s and the like, Netware Printer Servers need a user object to work as and t=
o protect that user accordingly. Someone correct me if I'm wrong here.
Granted, with NDS, it may no longer have been necessary to have that user, =
but Novell wanted to have Bindery compatability.
There *ARE* ways to works around this, even though it still is a design fla=
w, it's not a severe insecurity IMHO.
--=20
**
Bryon Roche, Kain <kain@chaosium.net>
--wac7ysb48OaltWcw
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6rNppBK2G/mh4q9URAm7CAJ0REuvg6EWSHpEuHUmAdVTyMGpAaACfbKIZ
NL6RCdeGeioXroGkuvT+/jU=
=9D5P
-----END PGP SIGNATURE-----
--wac7ysb48OaltWcw--
