[19664] in bugtraq
Re: FW: Vulnerability in Novell Netware
daemon@ATHENA.MIT.EDU (Jeffrey Seaton)
Thu Mar 15 13:09:21 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Message-ID: <saaf9b80.060@tcsinet.tcserve.com>
Date: Wed, 14 Mar 2001 16:25:17 -0600
Reply-To: Jeffrey Seaton <jseaton@TCSERVE.COM>
From: Jeffrey Seaton <jseaton@TCSERVE.COM>
X-To: hagand@abcbank.com, UllbergM@abcbank.com, wellmanj@abcbank.com,
vulnhelp@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit
Yeah I took a look at this but it is not a problem at all. If a system administrator is worried about someone logging in as a print server just extend the objects attributes and add a simultaneous login attribute. You can set this to 1 and only the print server will login. You can do this with Console1 or schemax. These are free utilities with Novell.
Later
Technical Computer Services
Jeffrey R. Seaton
Owner
Tel: 270-691-1121
Fax: 270-691-1127
www.tcserve.com
Your Local Computer Network Specialist!
>>> Magnus Ullberg <UllbergM@abcbank.com> 03/09/01 08:27AM >>>
Magnus Ullberg
Network Coordinator
Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301
-----Original Message-----
From: Vulnerability Help [mailto:vulnhelp@SECURITYFOCUS.COM]
Sent: Thursday, March 08, 2001 2:36 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Vulnerability in Novell Netware
The information in this advisory was supplied by Chris Hughes
<hughescj@usa.net>.
This security advisory is not endorsed by Security-Focus.com.
Vulnerability in Novell Netware
Date Published: 03/08/01
Advisory ID: n/a
Bugtraq ID: 2446
CVE CAN: None currently assigned.
Title: Novell Netware Print Server Vulnerability
Class: Configuration Error
Remotely Exploitable: Yes
Locally Exploitable: Yes
Vulnerability Description: Novell Netware allows a user to log into a Novell
Network by using a Printer Server as the username. By default, Novell Print
Servers have blank passwords. In addition, Novell Print Servers do not have
intruder detection capability as a user account would, so they are
vulnerable to a brute force attack without risk of account lockout. When a
Print Server is logged into as a User, the account will have the same rights
as are assigned to the container that it resides in.
Vulnerable Packages/Systems: Novell Netware 3.1-5.1
Solution/Vendor Information/Workaround: Vendor has not responded yet.
Vendor notified on: 11/02/00
Credits: Discovered by Chris Hughes <hughescj@usa.net>
This advisory was drafted with the help of the SecurityFocus.com
Vulnerability Help Team. For more information or assistance drafting
advisories please mail vulnhelp@securityfocus.com.
--
SecurityFocus.com
Vulnerability Help Team
