Re: Vulnerability in Novell Netware - Yeah, it's a user. So what?

[Kain <kain () KAIN ORG>]

On Thu, Mar 08, 2001 at 01:36:23PM -0700, Vulnerability Help wrote:
> The information in this advisory was supplied by Chris Hughes
> <hughescj () usa net>.  This security advisory is not endorsed by
> Security-Focus.com.
>
> Vulnerability in Novell Netware
> Date Published: 03/08/01
> Advisory ID: n/a
> Bugtraq ID: 2446
> CVE CAN: None currently assigned.
> Title: Novell Netware Print Server Vulnerability
> Class: Configuration Error
> Remotely Exploitable: Yes
> Locally Exploitable: Yes
>
> Vulnerability Description: Novell Netware allows a user to log into a
> Novell Network by using a Printer Server as the username.  By default,
> Novell Print Servers have blank passwords.
> In addition, Novell Print Servers do not have intruder detection capability
> as a user account would, so they are vulnerable to a brute force attack
> without risk of account lockout. When a Print Server is logged into as a
> User, the account will have the same rights as are assigned to the container
> that it resides in.

I haven't worked with netware since 4.11, but I remember that the documentation (Netware Manuals) covers this.  It 
mentions that to handle print-spools and the like, Netware Printer Servers need a user object to work as and to protect 
that user accordingly.  Someone correct me if I'm wrong here.

Granted, with NDS, it may no longer have been necessary to have that user, but Novell wanted to have Bindery 
compatability.

There *ARE* ways to works around this, even though it still is a design flaw, it's not a severe insecurity IMHO.
-- 
**
Bryon Roche, Kain <kain () chaosium net>

Attachment: _bin
Description: