SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Networking Stack (NetWare)  >   Novell Distributed Print Services (NDPS) Vendors:   Novell
Novell Distributed Print Services Discloses Broker Statistics
SecurityTracker Alert ID:  1007863
SecurityTracker URL:  http://securitytracker.com/id/1007863
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 2 2003
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): NetWare 5.1 and 6, NDPS, and iPrint
Description:   A vulnerability was reported in the Novell Distributed Print Services (NDPS). A remote user can view NDPS Broker statistics.

It is reported that a remote user can view NDPS Broker statistics using the following type of URL without having to authenticate to the system:

http://<ip_address>:8008/Broker

A remote user can determine if there is a Broker on this server, the name and context of the Broker object, and which Broker services, if any, are running, the report said.

Novell states that the security risk is low.

Bowulf reportedly discovered this flaw [but Novell did not indicate that in their report].

Impact:   A remote user can view NDPS broker statistics.
Solution:   Novell reports that for NetWare 6 and NetWare 5.1, the support packs NW6SP4/NW51SP7 will include a fix for this issue.
Vendor URL:  support.novell.com/cgi-bin/search/searchtid.cgi?/10087316.htm (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087316.htm


http://support.novell.com/cgi-bin/search/searchtid.cgi?/10087316.htm

 > TID10087316 (last modified 26SEP2003)

A vulnerability was reported in the Novell Distributed Print Services (NDPS).

A remote user can view NDPS Broker statistics using the following type of URL without 
having to authenticate to the system:

http://<ip_address>:8008/Broker

A remote user can determine if there is a Broker on this server, the name and context of 
the Broker object, and which Broker services, if any, are running, the report said.

The following systems are affected:	

Novell NetWare 6
Novell NetWare 5.1
Novell Distributed Print Services (NDPS)
Novell iPrint

NetWare 6.5 is reportedly not affected.

Novell reports that for NetWare 6 and NetWare 5.1, the subsequent support packs 
(NW6SP4/NW51SP7) will include a fix for this issue.

Novell states that the security risk is low.


This flaw was apparently reported to Novell by Bowulf, but the vendor did not provide 
credit in the advisory.


 > Document Title: 	You can see NDPS Broker stats at http
 > Document ID: 	10087316
 > Solution ID: 	NOVL92706
 > Creation Date: 	26SEP2003
 > Modified Date: 	26SEP2003
 > Novell Product Class: 	NetWare




 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC