Bugtraq mailing list archives
Re: Vulnerability in Novell Netware
From: Simple Nomad <thegnome () NMRC ORG>
Date: Tue, 13 Mar 2001 16:33:47 -0600
I think the main issue regarding the Novell print queue thing does involve logging in via APIs and not using the client software. By specifying your object type as that of a printer (something the client code does not support) you can log in as the printer. And yes you can brute force the password since Intrusion Detection does not apply here. The main reason for gaining access to the server this way is because the printer objects have access to an API call called ChangeToClientRights. The sploit is supposed to go: 1. Login as printer. 2. Wait for supe/admin person to print something. 3. Execute ChangeToClientRights. 4. Do bad things. Supposedly several people have had the code to do this for a while. It is one of those 0-day things Netware hackers trade ;-) Anyway, there is some code at http://www.nmrc.org/files/netware/netware.zip that is supposed to do a lot of this stuff. I couldn't get it to work on 5.x SP2, and can't really vouch for it, but everyone is free to try it out. It is also somewhere on Packetstorm as well. - Simple Nomad - "No rest for the Wicca'd" - - thegnome () nmrc org - - - thegnome () razor bindview com - www.nmrc.org razor.bindview.com -
Current thread:
- Re: Vulnerability in Novell Netware, (continued)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware David Howe (Mar 12)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
- Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
- Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
- Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
- Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
- Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)