SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Networking Stack (NetWare)  >   NetWare Vendors:   Novell
Re: Novel Netware Allows Login Access With No Passwords
SecurityTracker Alert ID:  1001073
SecurityTracker URL:  http://securitytracker.com/id/1001073
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Mar 12 2001
Impact:   User access via network

Version(s): Netware 3.1-5.1
Description:   A vulnerability has been reported in the default configuration of Novell Netware that allows login access with no passwords.

A user reports that this may not work with NDPS printing and that you'll need to create an old fashioned queue-based setup.

This user was able to replicate it on both 4.11 sp9 & 5.0 sp6a servers. However, print server objects created by AXIS NetPilot or HP-JetDirect don't work - they give a 669 error (effectively, incorrect password); that is as opposed to a -601 for object not found.

Impact:   An attacker can log into a Netware network using a Print Server account and obtain the rights of the container that the Print Server resides in.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.novell.com (Links to External Site)
Cause:   Authentication error

Message History:   This archive entry is a follow-up to the message listed below.
Mar 12 2001 Novel Netware Allows Login Access With No Passwords



 Source Message Contents

Subject:  Re: Vulnerability in Novell Netware


I don't believe this will work with NDPS printing - you'll need to create an old
fashioned queue-based setup.

A colleague showed this 'vulnerability' to me a little over 3 years ago on a
4.11 network.  However, he was using his own software that was authenticating
via API calls, rather than via client32.  I thought it was interesting at the
time, but assumed it was a known bug after hearing  of it from a few other
sources.

I have just replicated it now on both 4.11 sp9 & 5.0 sp6a servers.  However,
print server objects created by AXIS NetPilot or HP-JetDirect don't work - they
give a 669 error (effectively, incorrect password); that is as opposed to a -601
for object not found.

It may fail using Netware clients as they request a number of properties of the
authenticated user that might not exist in the schema for a print server object.

I tested using "ncpmount" from a Linux box.


Matthew

-----Original Message-----
From: Derek Wilson [mailto:WilsonD@GRANDCASINOS.COM]
Sent: Saturday, 10 March 2001 3:49
Subject: Re: Vulnerability in Novell Netware


Tested the Exploit on Netware 5.1 SP2 with the context and username set to the
print server's context and username. I got an error logging in. No password was
set for the print server (I don't think its possible). The printer was an NDPS
printer. Does this only happen with "public access" printers, or was it a
different service pack you tried it on?

Derek Wilson
wilsond@grandcasinos.com
PPE Mid-South Region
(V) 228.604.5106
(P) 228.516.3945


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC