[19646] in bugtraq
Re: Vulnerability in Novell Netware
daemon@ATHENA.MIT.EDU (Jon Miner)
Wed Mar 14 04:45:29 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20010313124934.A10065@speed.doit.wisc.edu>
Date: Tue, 13 Mar 2001 12:49:34 -0600
Reply-To: Jon Miner <miner@DOIT.WISC.EDU>
From: Jon Miner <miner@DOIT.WISC.EDU>
X-To: "Thomas M. Payerle" <payerle@PHYSICS.UMD.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.OSF.4.21.0103121517190.29361-100000@bofh.physics.umd.edu>;
from payerle@PHYSICS.UMD.EDU on Mon, Mar 12,
2001 at 03:21:56PM -0500
* Thomas M. Payerle (payerle@PHYSICS.UMD.EDU) [010313 02:15]:
> Verified it on 5.1. Also, we noticed that print servers created via HP's
> JetAdmin utility do not have a blank password by default. I am not sure
> what the default password is ( and have little doubt that it can be "guessed"
> with some basic knowledge of the printer in question), but am sharing this as
> it contributed to some confusion when trying to verify the vulnerability here.
As many people have pointed out before, this isn't a bug. It's a
possibility for a vulnerability, but it is by design. It is mentioned
in every Novell manual I've read, and is well known.
It's a fact of life, Printers need to log in to get to the queue
directories. Just don't assign rights to the container that queues are
in.
jon
--
.Jonathan J. Miner------------------Division of Information Technology.
|miner@doit.wisc.edu University Of Wisconsin - Madison|
|608/262.9655 Room 3149 Computer Science|
`---------------------------------------------------------------------'
There are of course many problems connected with life, of which some of
the most popular are "Why are people born?" "Why do they die?" "Why do
they spend so much of the intervening time wearing digital watches?"
-- The Book.
From _The_Hitchhikers_Guide_To_The_Galaxy_ by Douglas Adams
(5)
