Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Novell Netware Copy

From: qwerty604 () HOTMAIL COM (first Last)
Date: Fri, 24 Mar 2000 00:03:59 CST

Through exploration on a LAN, I have found either a bug or an oversight on
Novell Netware that allows a local user read/write access to any file on
drive C (maybe network drives).
When clicking on the right button on any file under Windows explorer, the
local security program (FoolProof) turns off all selections except for an
option called "Netware Copy". If one selects Netware Copy, it asks for a
destination and you can type ANY file on drive C and it will either create a
new file or overwrite the old file. Under normal usage, drive C is write
protected.
They're using the latest version of Novell Netware (4 or 5) with an OS of
Win95.

Can someone test to see if Netware Copy is a flaw or an oversight. I'm also
wondering what are the ethics here. If there's something this easy, is it
wrong to Netware Copy anything I want? (i.e. move security program, install
other apps)  <--Yes, I did notify the Admins of security flaws through
e-mail but they never responded
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
Previous By Date Next
Previous By Thread Next

Current thread: