lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: RMcLaren at (Roger McLaren)
Subject: Re: NetWare Screensaver Authentication Bypass
	From The Local Console

This is just another underscore to the fact that physical security is as
important as any other part of your security infrastructure. 

This vulnerability is present in virtually EVERY operating system if
you allow a hacker to gain physical access to your server. Whether you
boot the server from other media to change the Admin password, add an
account, elevate your privileges, or simply copy the password info to
crack at your liesure there is always a way if you have physical

Just my $.02 worth.

Roger R. McLaren
Systems Support Analyst
Information Technology Services
Ventura County Superintendent of Schools 

>>> Brad Bendily <> 12/14/2004 9:00:57 AM >>>

As we all know security comes in layers. The only way this exploit
work is if someone is standing at the server's console. In this way
all servers are subject to vulnerability and I have discovered this 
method of hacking servers. Ok, not really. But I can tell you that if
have access to the server console then I can get access to the box.

This vulnerability is not new, I had to legitimately hack the password
for a couple of my NetWare servers and I did it 3-4 years ago using
this same hack. Preferrably I would rather Novell NOT fix this. It's
a great "just in case" tool.

I think this is a waste of bandwidth.

Brad B.

On Sun, 12 Dec 2004, Adam Gray wrote:

> Novacoast Security Advisory 
> Novell Netware 5/5.1/6.0/6.5 Vulnerability 
> Synopsis: 
> Novacoast has discovered a vulnerability in the Novell NetWare
> System screen saver software. The vulnerability allows a local
> to bypass authentication and access the system console. 
> Description: 
> The Novell Operating System uses the screen saver nlm with lock
> to protect access to the console. When the screen saver is locked
only a
> user in the e-directory tree with supervisor rights to the server
> has the ability to unlock it. It is possible to bypass this
> authentication scheme by entering the debugger within NetWare while
> screensaver is running, kill the screensaver process, and resume the
> operating system without the screen saver or the access control
> running.
> Affected Version: 
> Novell NetWare 5.1
> Novell Netware 6
> Novell NetWare 6.5
> Exploit: 
> with the screensaver nlm running and in enable lock mode press alt
> shift esc. Find the screen saver process in memory. Kill it using
> debugger. If you are not sure how to use the NetWare debugger then
> kill the server with the q key and restart it without the
> running (server -na) edit the autoexec.ncf to keep the screensaver
> running in the future and restart the server normally. The screen
> will not start again.
> Recommended Solution: 
> Install the Bordermanager ICSA Compliance kit
> 	They put the screensaver fix into that patch
> Status: 
> This bug has been submitted to, acknowledged by, and a fix has been
> created and included with the Bordermanager ICSA Compliance toolkit.
> Additional information can be found at the following location: 
> Disclaimer: 
> Novacoast accepts no liability or responsibility for the 
> content of this report, or for the consequences of any 
> actions taken on the basis of the information provided 
> within. Dissemination of this information is granted 
> provided it is presented in its entirety. Modifications 
> may not be made without the explicit permission of 
> Novacoast. 
> Adam Gray 
> CTO 
> Novacoast, Inc. 

Powered by blists - more mailing lists