Bugtraq mailing list archives

Re: More Rconsole stuff

From: randy () INTER-CORPORATE COM (Randy Richardson)
Date: Sun, 11 Oct 1998 23:49:42 -0800


[Snip]

As of NetWare 4.x, Novell recommends using the Inetcfg utility for
managing networking. If you have "load remote" in the autoexec.ncf,
Inetcfg will try to grab it and add it to Inetcfg's scripts.

The problem here is that Inetcfg saves the Rconsole password to SYS:ETC
in a file named Netinfo.cfg. All users have full read access to this
directory so anyone with a valid account can view the Rconsole password.
Given Simple Nomad's post, even if you cut and paste in order to ensure
that the password is encrypted, it is still extremely vulnerable.


        That's not correct.  By default, users don't have access to SYS:ETC.  If you
grant them access here, then you're asking for trouble because the only modules
that need access to this directory are the NLMs (NetWare Loadable Modules) that
run on the server.

The patch would be to call remote from another NCF file which is stored
in the SYS:SYSTEM directory. This will at least limit access to only
Admins. This will also prevent Inetcfg from trying to grab it. Of course
the real fix would be to not use Rconsole. ;)


        This is a good solution if users do have access to SYS:ETC, but if your users
do have access to SYS:ETC then it is time to find out why.

I've also noticed (with 4.1x anyway) that if you enable Telnet access to
the server, remote sessions are not logged. Combine this with the above
and any user can now whack away at the server console without leaving an
audit trail.


        I agree.  TelNet access should be disabled on NetWare 3.x and NetWare 4.x
servers.

Any known patches for the above would be most cool,
Chris

[Snip]

        HiTecSoft has a product called "WebConsole" which allows RConsole-style
control of a server through straight HTML (and forms, of course).  You can find
out more about this product at the following URL:

                HiTecSoft's WebConsole for NetWare
                http://www.hitecsoft.com/html/webconsole.htm

        You'll even find an online demonstration.

Randy Richardson - randy () inter-corporate com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
http://www.inter-corporate.com/

"Printing nightmares?  Enjoy sweet dreams with NDPS on NetWare."

Current thread:

Patches for wwwboard.pl (Was: Re: wwwboard.pl vulnerability) Ken Williams (Oct 07)
- <Possible follow-ups>
- Re: Patches for wwwboard.pl (Was: Re: wwwboard.pl vulnerability) Boynton, David, SSgt, AFPOA/DPSM (Oct 08)
  - More Rconsole stuff Chris Brenton (Oct 09)
    - Re: More Rconsole stuff Randy Richardson (Oct 12)
  - Referer (was Patches for wwwboard.pl) Michael Blythe (Oct 09)
    - MacAttack Spikeman (Oct 08)
    - Referer (was Patches for wwwboard.pl) Lincoln Stein (Oct 09)
    - Re: Referer (was Patches for wwwboard.pl) David Schwartz (Oct 12)
    - Re: Referer (was Patches for wwwboard.pl) Lincoln Stein (Oct 13)
    - Re: Referer (was Patches for wwwboard.pl) Kevin Littlejohn (Oct 13)
    - CERT Vendor-Initiated Bulletin VB-98.10 - sco.mscreen Aleph One (Oct 13)
    - FreeBSD Security Advisory: FreeBSD-SA-98:07.rst Aleph One (Oct 13)
    - Re: Referer (was Patches for wwwboard.pl) Adam Shostack (Oct 10)
    - Followup to FP98 and other Frontpage bugs pedward () WEBCOM COM (Oct 12)

(Thread continues...)