Bugtraq mailing list archives
Re: More Rconsole stuff
From: randy () INTER-CORPORATE COM (Randy Richardson)
Date: Sun, 11 Oct 1998 23:49:42 -0800
[Snip]
As of NetWare 4.x, Novell recommends using the Inetcfg utility for managing networking. If you have "load remote" in the autoexec.ncf, Inetcfg will try to grab it and add it to Inetcfg's scripts. The problem here is that Inetcfg saves the Rconsole password to SYS:ETC in a file named Netinfo.cfg. All users have full read access to this directory so anyone with a valid account can view the Rconsole password. Given Simple Nomad's post, even if you cut and paste in order to ensure that the password is encrypted, it is still extremely vulnerable.
That's not correct. By default, users don't have access to SYS:ETC. If you grant them access here, then you're asking for trouble because the only modules that need access to this directory are the NLMs (NetWare Loadable Modules) that run on the server.
The patch would be to call remote from another NCF file which is stored in the SYS:SYSTEM directory. This will at least limit access to only Admins. This will also prevent Inetcfg from trying to grab it. Of course the real fix would be to not use Rconsole. ;)
This is a good solution if users do have access to SYS:ETC, but if your users do have access to SYS:ETC then it is time to find out why.
I've also noticed (with 4.1x anyway) that if you enable Telnet access to the server, remote sessions are not logged. Combine this with the above and any user can now whack away at the server console without leaving an audit trail.
I agree. TelNet access should be disabled on NetWare 3.x and NetWare 4.x servers.
Any known patches for the above would be most cool, Chris
[Snip] HiTecSoft has a product called "WebConsole" which allows RConsole-style control of a server through straight HTML (and forms, of course). You can find out more about this product at the following URL: HiTecSoft's WebConsole for NetWare http://www.hitecsoft.com/html/webconsole.htm You'll even find an online demonstration. Randy Richardson - randy () inter-corporate com Inter-Corporate Computer & Network Services, Inc. Vancouver, British Columbia, Canada http://www.inter-corporate.com/ "Printing nightmares? Enjoy sweet dreams with NDPS on NetWare."
Current thread:
- Patches for wwwboard.pl (Was: Re: wwwboard.pl vulnerability) Ken Williams (Oct 07)
- <Possible follow-ups>
- Re: Patches for wwwboard.pl (Was: Re: wwwboard.pl vulnerability) Boynton, David, SSgt, AFPOA/DPSM (Oct 08)
- More Rconsole stuff Chris Brenton (Oct 09)
- Re: More Rconsole stuff Randy Richardson (Oct 12)
- Referer (was Patches for wwwboard.pl) Michael Blythe (Oct 09)
- MacAttack Spikeman (Oct 08)
- Referer (was Patches for wwwboard.pl) Lincoln Stein (Oct 09)
- Re: Referer (was Patches for wwwboard.pl) David Schwartz (Oct 12)
- Re: Referer (was Patches for wwwboard.pl) Lincoln Stein (Oct 13)
- Re: Referer (was Patches for wwwboard.pl) Kevin Littlejohn (Oct 13)
- More Rconsole stuff Chris Brenton (Oct 09)
- CERT Vendor-Initiated Bulletin VB-98.10 - sco.mscreen Aleph One (Oct 13)
- FreeBSD Security Advisory: FreeBSD-SA-98:07.rst Aleph One (Oct 13)
- Re: Referer (was Patches for wwwboard.pl) Adam Shostack (Oct 10)
- Followup to FP98 and other Frontpage bugs pedward () WEBCOM COM (Oct 12)