Bugtraq mailing list archives
Re: Vulnerability in Novell Netware
From: Jacek Lipkowski <sq5bpf () ACID CH PW EDU PL>
Date: Tue, 13 Mar 2001 12:03:48 +0100
It has been a while since i did anything with netware, but i seem to remember, that under netware 3.x this bug also existed. There was usually a printer object (object type 6 or 7 if i remember correctly), that often had a name the same as the server (but not always). This object had no LOGIN_CONTROL (it may have had another name) property (and thus had no password). Whis is interesting is that netware 3.x had a function called something like ChangeToClientRights(), which you could call to switch your privilege (but you had to be object type 6 or 7 or whatever it was). This function worked similar to setuid(), it was meant to allow the printer object to take jobs out of the queue with permissions of the user who submitted them. The bugs in later netware versions that people have described are probably for reasons of backward compattibility or something. jacek ps. it has been 4 years since i've done any netware programming/security work so this may be totally inaccurate.
Current thread:
- Vulnerability in Novell Netware Vulnerability Help (Mar 09)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Adrian Bolzan (Mar 13)
- <Possible follow-ups>
- Re: Vulnerability in Novell Netware Derek Wilson (Mar 11)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware David Howe (Mar 12)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
- Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
- Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware Brad Bendily (Mar 12)
- Re: Vulnerability in Novell Netware - Yeah, it's a user. So what? Kain (Mar 12)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
- Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
- Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
- Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)