Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vulnerability in Novell Netware

From: Jacek Lipkowski <sq5bpf () ACID CH PW EDU PL>
Date: Tue, 13 Mar 2001 12:03:48 +0100
It has been a while since i did anything with netware, but i seem to
remember, that under netware 3.x this bug also existed. There was
usually a printer object (object type 6 or 7 if i remember correctly),
that often had a name the same as the server (but not always). This object
had no LOGIN_CONTROL (it may have had another name) property (and thus
had no password). Whis is interesting is that netware 3.x had a function
called something like ChangeToClientRights(), which you could call to
switch your privilege (but you had to be object type 6 or 7 or whatever it
was). This function worked similar to setuid(), it was meant to allow the
printer object to take jobs out of the queue with permissions of the user
who submitted them.

The bugs in later netware versions that people have described are probably
for reasons of backward compattibility or something.

jacek

ps. it has been 4 years since i've done any netware programming/security
work so this may be totally inaccurate.
Previous By Date Next
Previous By Thread Next

Current thread: