Bugtraq mailing list archives

Novell Netware Login "bypass" to execute programs


From: "Philip Wagenaar" <PB.Wagenaar () Chello NL>
Date: Fri, 11 Jan 2002 19:45:15 +0100

Not sure if this is known or not but I did not find anything about it on
novell.com, securityfocus.com and after doing a websearch on google with
some keywords about it.

I don't have the resources to test this "bug" on other versions. And I'm
not even sure if this classifies as a bug but it could give unrestricted
access on win95/98 (maybe more?) machines without logging in properly
or at all even.

This was on a windows 95 machine running novell netware client.

When you boot the machine you get the novell netware login screen. Here
you are supposed to enter login and password to go into windows. But if
you pause the mouse over certain areas of the login window you get the
"alt" text "What is this?" and when you select it, Windows help opens.
From there you can use the File -> Open menu and select type files as
*.* and open any file you want.

We found this out today but did not give much more attention to it
because it was after five o'clock and our weekend already started ;-) So
that's why I can't give you the specific version of novell netware
because I don't remember, but I did do some quick research to see if
this was known or not and couldn't find anything about it.

Last time I posted something I thought was a bug to this list it wasn't
my intention to post it as an I-am-sure-I-found-a-bug mail and after some
research and testing it was not a bug after all and it got removed from
the vuln. page, that's why I'd like some feedback first. I know at least
some people are able to reproduce this because our configuration is
commonly used. I'm just trying to find out which versions of netware and
windows are affected by this.

I also thought about if this is a novell netware bug or a windows bug,
but if you write this sort of network software, especially the
login screen, I guess it's novell netware's responsibility.

Hoping for lots of feedback

Philip Wagenaar



