Re: Vulnerability in Novell Netware

[David Howe <DHowe () HAWKSWING DEMON CO UK>]

> I tried it on Netware 4.11 SP9. Logged in as the print server , but with
> limited access to resources. I didn't fully test after logged in, but it's
> possible.
> Brad B
NW4 was usually happy to let you log in as anything that had a valid
public/private keypair - print servers being a good example (the
occasionally VERY useful NW-HACK file had a long list of accounts that would
be vunerable - mostly due to sloppy installers for third-party printer or
backup packages.)
Obvious first step is to apply station restrictions and limit what a print
server can see to just the print queues - it doesn't need much if anything
else, so why leave the door open? Many system objects (such as print
servers) exist in the same context as the print queues they serve, which in
turn are in the same context as the users - and many admins assign file
access rights globally to the container (which then cascade down to the
print server object) rather than groups.

One thing that *is* annoying is NDPS legacy support - if you are reading
from or writing to a legacy NDS queue, you are required to log in (the older
NFS support addon did not do this, and it came as a nasty shock to our
licencing guy when we sidegraded to NW5.1 and got bitten by this one - and
the Pervasive licencing thing)
I was unable to find any way of having this login account carry a password
without having to retype that password once per printer whenever NDPS was
resynced or restarted - which I wasn't willing to wear.  Current setup on my
boxen is complete separation of NDPS (which has LPR in and out support, plus
NDPS queue, but no legacy queue) from legacy printers - entirely due to
these two issues.