Yeah I took a look at this but it is not a problem at all. If a system administrator
is worried about someone logging in as a print server just extend the objects
attributes and add a simultaneous login attribute. You can set this to 1 and only the
print server will login. You can do this with Console1 or schemax. These are free
utilities with Novell.
Later
Technical Computer Services
Jeffrey R. Seaton
Owner
Tel: 270-691-1121
Fax: 270-691-1127
www.tcserve.com
Your Local Computer Network Specialist!
>>> Magnus Ullberg <[EMAIL PROTECTED]> 03/09/01 08:27AM >>>
Magnus Ullberg
Network Coordinator
Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301
-----Original Message-----
From: Vulnerability Help [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 08, 2001 2:36 PM
To: [EMAIL PROTECTED]
Subject: Vulnerability in Novell Netware
The information in this advisory was supplied by Chris Hughes
<[EMAIL PROTECTED]>.
This security advisory is not endorsed by Security-Focus.com.
Vulnerability in Novell Netware
Date Published: 03/08/01
Advisory ID: n/a
Bugtraq ID: 2446
CVE CAN: None currently assigned.
Title: Novell Netware Print Server Vulnerability
Class: Configuration Error
Remotely Exploitable: Yes
Locally Exploitable: Yes
Vulnerability Description: Novell Netware allows a user to log into a Novell
Network by using a Printer Server as the username. By default, Novell Print
Servers have blank passwords. In addition, Novell Print Servers do not have
intruder detection capability as a user account would, so they are
vulnerable to a brute force attack without risk of account lockout. When a
Print Server is logged into as a User, the account will have the same rights
as are assigned to the container that it resides in.
Vulnerable Packages/Systems: Novell Netware 3.1-5.1
Solution/Vendor Information/Workaround: Vendor has not responded yet.
Vendor notified on: 11/02/00
Credits: Discovered by Chris Hughes <[EMAIL PROTECTED]>
This advisory was drafted with the help of the SecurityFocus.com
Vulnerability Help Team. For more information or assistance drafting
advisories please mail [EMAIL PROTECTED]
--
SecurityFocus.com
Vulnerability Help Team