[19618] in bugtraq
Re: Vulnerability in Novell Netware - Yeah, it's a user. So what?
daemon@ATHENA.MIT.EDU (Adrian Bolzan)
Tue Mar 13 03:05:13 2001
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Message-ID: <200103122308.f2CN8xt05643@garm.aot.com.au>
Date: Tue, 13 Mar 2001 10:05:51 +1000
Reply-To: Adrian Bolzan <Adrian.Bolzan@AOT.COM.AU>
From: Adrian Bolzan <Adrian.Bolzan@AOT.COM.AU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010312081713.A32745@artemis.kain.org>
Hi,
I have attempted to log in as a print server and could not log in.
I am running NW5.1 SP1a.
I am not using NDPS and tried all of the print servers with no password. Is
there a trick to logging in as a print server?
Thanks,
adrian
On 12 Mar 01, at 8:17, Kain wrote:
> On Thu, Mar 08, 2001 at 01:36:23PM -0700, Vulnerability Help wrote:
> > The information in this advisory was supplied by Chris Hughes
> > <hughescj@usa.net>. This security advisory is not endorsed by
> > Security-Focus.com.
> >
> > Vulnerability in Novell Netware
> > Date Published: 03/08/01
> > Advisory ID: n/a
> > Bugtraq ID: 2446
> > CVE CAN: None currently assigned.
> > Title: Novell Netware Print Server Vulnerability
> > Class: Configuration Error
> > Remotely Exploitable: Yes
> > Locally Exploitable: Yes
> >
> > Vulnerability Description: Novell Netware allows a user to log into a
> > Novell Network by using a Printer Server as the username. By default,
> > Novell Print Servers have blank passwords.
> > In addition, Novell Print Servers do not have intruder detection capability
> > as a user account would, so they are vulnerable to a brute force attack
> > without risk of account lockout. When a Print Server is logged into as a
> > User, the account will have the same rights as are assigned to the container
> > that it resides in.
>
> I haven't worked with netware since 4.11, but I remember that the
> documentation (Netware Manuals) covers this. It mentions that to
> handle print-spools and the like, Netware Printer Servers need a user
> object to work as and to protect that user accordingly. Someone
> correct me if I'm wrong here.
>
> Granted, with NDS, it may no longer have been necessary to have that
> user, but Novell wanted to have Bindery compatibility.
>
> There *ARE* ways to work around this, even though it still is a
> design flaw, it's not a severe insecurity IMHO.
> --
> ** Bryon Roche, Kain <kain@chaosium.net>
>
___________________________________________
Dr Adrian Bolzan
Systems Administrator
The Australian Outback Travel Group
Level 8, 420 St. Kilda Road
Melbourne, Victoria 3004, AUSTRALIA
Tel: +61 3 98677233
Fax: +61 3 98677244
Winner - 1999 Australian Export Awards
Winner - 1999 Governor of Victoria Export Awards
===========================================