Procheckup Ltd
www.procheckup.com
Procheckup Security Bulletin PR02-3
Description: Netware default programs display server
information to attackers.
Date: 8/1/2002
Application: Netware enterprise web server
Platform: Novell NetWare 5.0
Procheckup Ltd
www.procheckup.com
Procheckup Security Bulletin PR02-1
Description: Netware default programs displays server
variables including web root location
Date: 8/1/2002
Application: Netware enterprise web server
Platform: Novell NetWare
Jeffrey Seaton [EMAIL PROTECTED] writes:
Yeah I took a look at this but it is not a problem at all. If a system
administrator is worried about someone logging in as a print server just
extend the objects attributes and add a simultaneous login attribute. You
can set this to 1 and only the
On Wed, 14 Mar 2001, Jeffrey Seaton wrote:
Yeah I took a look at this but it is not a problem at all. If a system
administrator is worried about someone logging in as a print server just
extend the objects attributes and add a simultaneous login
attribute. You can set this to 1 and only the
Coordinator
Area Bancshares Corporation
Networking Department
230 Frederica St.
Owensboro, KY 42301
-Original Message-
From: Vulnerability Help [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 08, 2001 2:36 PM
To: [EMAIL PROTECTED]
Subject:Vulnerability in Novell Netware
* Thomas M. Payerle ([EMAIL PROTECTED]) [010313 02:15]:
Verified it on 5.1. Also, we noticed that print servers created via HP's
JetAdmin utility do not have a blank password by default. I am not sure
what the default password is ( and have little doubt that it can be "guessed"
with some
It has been a while since i did anything with netware, but i seem to
remember, that under netware 3.x this bug also existed. There was
usually a printer object (object type 6 or 7 if i remember correctly),
that often had a name the same as the server (but not always). This object
had no
, 2001 at 01:36:23PM -0700, Vulnerability Help wrote:
The information in this advisory was supplied by Chris Hughes
[EMAIL PROTECTED]. This security advisory is not endorsed by
Security-Focus.com. Vulnerability in Novell Netware Date
Published: 03/08/01 Advisory ID: n/a Bugtraq ID: 2446
There is one thing that might be over looked here, or stated where I haven't read.
I have tested the same login via a printer name and no pass. I've had high school
students do this and find out they can write to the print queue directory. Needless
to say they filled up the SYS volume with
Only with Public Access non-NDPS printers as far as I have been able to
determine.
Mike
-Original Message-
From: Derek Wilson [SMTP:[EMAIL PROTECTED]]
Sent: 09 2001 18:49
To: [EMAIL PROTECTED]
Subject: Re: [BUGTRAQ] Vulnerability in Novell Netware
Tested the Exploit
I tried it on Netware 4.11 SP9. Logged in as the print server , but with
limited access to resources. I didn't fully test after logged in, but it's
possible.
Brad B
On Fri, 9 Mar 2001, Derek Wilson wrote:
Tested the Exploit on Netware 5.1 SP2 with the context and username set to the print
We've tested this exploit with NW 5.1 SP2a using a
queue based Print Server object.
We could login as the object with no password, but
the object only had public rights (ie, browse, compare
and read).
No volume scan, read or write rights.
Though it must have read rights to the print spool
Linux box.
Matthew
-Original Message-
From: Derek Wilson [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 10 March 2001 3:49
Subject: Re: Vulnerability in Novell Netware
Tested the Exploit on Netware 5.1 SP2 with the context and username set to the
print server's context and username. I go
On Thu, Mar 08, 2001 at 01:36:23PM -0700, Vulnerability Help wrote:
The information in this advisory was supplied by Chris Hughes
[EMAIL PROTECTED]. This security advisory is not endorsed by
Security-Focus.com.
Vulnerability in Novell Netware
Date Published: 03/08/01
Advisory ID: n
I tried it on Netware 4.11 SP9. Logged in as the print server , but with
limited access to resources. I didn't fully test after logged in, but it's
possible.
Brad B
NW4 was usually happy to let you log in as anything that had a valid
public/private keypair - print servers being a good example
On Mon, 12 Mar 2001, hhoogend wrote:
Tested here on a netware 4.11 sp 8a network and yes you can login and got
all inherited container rights. I think it
works only on quebased printing systems and not on NDPS printing systems.
Verified it on 5.1. Also, we noticed that print servers created
Tested the Exploit on Netware 5.1 SP2 with the context and username set to the print
server's context and username. I got an error logging in. No password was set for the
print server (I don't think its possible). The printer was an NDPS printer. Does this
only happen with "public access"
The information in this advisory was supplied by Chris Hughes [EMAIL PROTECTED].
This security advisory is not endorsed by Security-Focus.com.
Vulnerability in Novell Netware
Date Published: 03/08/01
Advisory ID: n/a
Bugtraq ID: 2446
CVE CAN: None currently assigned.
Title: Novell Netware
18 matches
Mail list logo