[19627] in bugtraq
Re: Vulnerability in Novell Netware
daemon@ATHENA.MIT.EDU (Thomas M. Payerle)
Tue Mar 13 19:25:21 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.OSF.4.21.0103121517190.29361-100000@bofh.physics.umd.edu>
Date: Mon, 12 Mar 2001 15:21:56 -0500
Reply-To: "Thomas M. Payerle" <payerle@PHYSICS.UMD.EDU>
From: "Thomas M. Payerle" <payerle@PHYSICS.UMD.EDU>
X-To: hhoogend <hhoogend@XS4ALL.NL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.BSI.4.10.10103121003330.9692-100000@xs3.xs4all.nl>
On Mon, 12 Mar 2001, hhoogend wrote:
> Tested here on a netware 4.11 sp 8a network and yes you can login and got
> all inherited container rights. I think it
> works only on quebased printing systems and not on NDPS printing systems.
>
Verified it on 5.1. Also, we noticed that print servers created via HP's
JetAdmin utility do not have a blank password by default. I am not sure
what the default password is ( and have little doubt that it can be "guessed"
with some basic knowledge of the printer in question), but am sharing this as
it contributed to some confusion when trying to verify the vulnerability here.
Tom Payerle
Dept of Physics payerle@physics.umd.edu
University of Maryland (301) 405-6973
College Park, MD 20742-4111 Fax: (301) 314-9525
