Vulnerability Development mailing list archives
Re: Buffer overflows on Netware 4x and 5x
From: Roland () ERCA NL (Roland Kool)
Date: Wed, 1 Mar 2000 18:17:49 +0100
Thanks all for replying. From the responses I have noticed that my query was not well defined. I was not looking for hacks for Netware, but I was wondering if buffer overflow attacks would work on Netware to gain a remote shell (much like in NT and Unix).

Nomad's website is excellent and I was already aware of known insecurities in Netware. But most of the attacks rely on being able to sniff on the network to gain access to password hashes and so on. But when I hook up my server to the internet, how safe is it? Is it possible on Netware to attack it with a buffer overflow to gain access to the console? Or is the only way to "hack" it by means of DoS attacks (without gaining any privileges)?

The fact that Netware is not widely used doesn't mean it is safe, although I think (looking at some responses) it is more secure than current Unix or NT based solutions. But that's IMHO. Anyone may try to convince me otherwise.

Thanks
Roland

"Michael D. Russo" <Michael.Russo2 () storagenetworks com> 03/01/00 04:13PM >>>
FYI: The quickest way to come up to speed on NetWare vulnerabilities is to go to www.axent.com and review their vulnerabilities lists (whitepapers, etc.) that their NetRecon product scans for... In a mixed NT, Unix, NetWare shop, NetRecon is very useful since it scans for TCPIP, NetBios and IPX/SPX protocol vulnerabilities. Since NetWare can be bound with both tcpip and IPX/SPX, a sly way to penetrate a tcpip network is to hack ipx/spx well known exploits on a dual stacked NetWare box.

There are quite a few well known ipx/spx hacks that will indeed get you NetWare Supervisor (3.x) or NDS Admin privileges. Considering that Novell is attempting to position NetWare 5.x as a web server, i.e. with TCPIP as a "native" protocol, if someone hacks the box thru ipx/spx, they are then off to the races... The only saving grace is that most hacker tools, sniffers, stealth spying tools (NMAP) and DDoS attack suites are developed and ported primarily on Unix and NT systems and not NetWare.

hth

Michael D. Russo
Information Security Project Manager
Strategy & Engineering Department
Information Security Group
Storage Networks, Inc.
100 Fifth Avenue, Third Floor
Waltham, Massachusetts USA 02451
URL: http://www.storagenetworks.com/
EMAIL: mdrusso () storagenetworks com

-----Original Message-----
From: Roland Kool [mailto:Roland () ERCA NL]
Sent: Monday, February 28, 2000 6:10 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Buffer overflows on Netware 4x and 5x

Hi,

This is my first post to the list and I hope it's on topic. I work at a college and am currently writing a security paper for our site. Our environment primarily consists of Netware servers, versions 4.x and 5.x. I am not a hacker, just a security conscious network administrator who likes to keep his Netware boxes secure.

So my question is this: are there any known buffer overflow exploits/possibilities on Netware boxes? Netware is capable of running more than just file and print services. In our environment we run almost everything on them. Is the Netware architecture vulnerable to buffer overflow attacks? Just like in NT and Unix there is a console that can be compromised. Netware also supports the XCONSOLE.NLM (telnet daemon) which makes itself a potential hacking target.

Does anyone know if any such exploits exist on Netware? I have never seen them but that doesn't mean they aren't there. Is it possible?

Thanks
Roland