Bugtraq mailing list archives
Re: FW: Vulnerability in Novell Netware
From: Jacek Lipkowski <sq5bpf () ACID CH PW EDU PL>
Date: Thu, 15 Mar 2001 18:32:28 +0100
On Wed, 14 Mar 2001, Jeffrey Seaton wrote:
Yeah I took a look at this but it is not a problem at all. If a system administrator is worried about someone logging in as a print server just extend the objects attributes and add a simultaneous login attribute. You can set this to 1 and only the print server will login. You can do this with Console1 or schemax. These are free utilities with Novell.
Yes, but what if you can DOS the print server (hp jetdirect for example was vulnerable to DOS), or just switch it's power off (printers are usually in more or less public areas). After a while the printer gets logged out when it doesn't answer watchdog packets. BTW, does ChangeToClientRights() work with netware 4.x or 5.x? Jacek Lipkowski ps. this vulnerability is hardly new, it was known for several years (in netware 3.x), I seem to remember some discussion about ChangeToClientRights() in the nw-hack list
Current thread:
- Re: Vulnerability in Novell Netware, (continued)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Thomas M. Payerle (Mar 13)
- Re: Vulnerability in Novell Netware Jacek Lipkowski (Mar 14)
- Re: Vulnerability in Novell Netware Jon Miner (Mar 14)
- Re: Vulnerability in Novell Netware hhoogend (Mar 12)
- Re: Vulnerability in Novell Netware Mike Glassman - Admin (Mar 12)
- Re: Vulnerability in Novell Netware Ben Ponting (Mar 12)
- Re: Vulnerability in Novell Netware Scott Smith (Mar 13)
- Re: Vulnerability in Novell Netware Matthew Firth (Mar 12)
- Re: Vulnerability in Novell Netware Simple Nomad (Mar 13)
- Re: FW: Vulnerability in Novell Netware Jeffrey Seaton (Mar 15)
- Re: FW: Vulnerability in Novell Netware Jacek Lipkowski (Mar 16)
- Re: FW: Vulnerability in Novell Netware Krzysztof Halasa (Mar 19)