lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: agray at novacoast.com (Adam Gray) Subject: NetWare Screensaver Authentication Bypass From The Local Console Novacoast Security Advisory Novell Netware 5/5.1/6.0/6.5 Vulnerability Synopsis: Novacoast has discovered a vulnerability in the Novell NetWare Operating System screen saver software. The vulnerability allows a local attacker to bypass authentication and access the system console. Description: The Novell Operating System uses the screen saver nlm with lock enabled to protect access to the console. When the screen saver is locked only a user in the e-directory tree with supervisor rights to the server object has the ability to unlock it. It is possible to bypass this authentication scheme by entering the debugger within NetWare while the screensaver is running, kill the screensaver process, and resume the operating system without the screen saver or the access control still running. Affected Version: Novell NetWare 5.1 Novell Netware 6 Novell NetWare 6.5 Exploit: with the screensaver nlm running and in enable lock mode press alt shift shift esc. Find the screen saver process in memory. Kill it using the debugger. If you are not sure how to use the NetWare debugger then just kill the server with the q key and restart it without the autoexec.ncf running (server -na) edit the autoexec.ncf to keep the screensaver from running in the future and restart the server normally. The screen saver will not start again. Recommended Solution: Install the Bordermanager ICSA Compliance kit They put the screensaver fix into that patch Status: This bug has been submitted to, acknowledged by, and a fix has been created and included with the Bordermanager ICSA Compliance toolkit. Additional information can be found at the following location: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2969741.htm Disclaimer: Novacoast accepts no liability or responsibility for the content of this report, or for the consequences of any actions taken on the basis of the information provided within. Dissemination of this information is granted provided it is presented in its entirety. Modifications may not be made without the explicit permission of Novacoast. Adam Gray CTO Novacoast, Inc. agray_at_novacoast.com http://www.novacoast.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041212/fb4fdb14/attachment.bin
Powered by blists - more mailing lists