Novell Netware Xsession Unauthorizied Server Console Access Vulnerability
BID:12831
Info
Novell Netware Xsession Unauthorizied Server Console Access Vulnerability
| Bugtraq ID: | 12831 |
| Class: | Access Validation Error |
| CVE: |
CVE-2005-0819 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Novell Netware 6.5 SP3 Novell Netware 6.5 SP2 |
| Not Vulnerable: | |
Discussion
Novell Netware Xsession Unauthorizied Server Console Access Vulnerability
It is reported that Netware is affected by a vulnerability that may allow an unauthorized user to access the server console of a computer that is responsible for providing xwindows sessions. The cause of the vulnerability is an access validation error due to missing authentication routines.
This issue can allow an attacker to delete and manipulate data on the server and may lead to other attacks.
Novell Netware 6.5 SP2 and subsequent versions are reportedly affected by this vulnerability. It is possible that other versions are affected as well.
It is reported that Netware is affected by a vulnerability that may allow an unauthorized user to access the server console of a computer that is responsible for providing xwindows sessions. The cause of the vulnerability is an access validation error due to missing authentication routines.
This issue can allow an attacker to delete and manipulate data on the server and may lead to other attacks.
Novell Netware 6.5 SP2 and subsequent versions are reportedly affected by this vulnerability. It is possible that other versions are affected as well.
Exploit / POC
Novell Netware Xsession Unauthorizied Server Console Access Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Novell Netware Xsession Unauthorizied Server Console Access Vulnerability
Solution:
Novell has released advisory TID2971038 and a patch for NetWare 6.5 SP2 and subsequent versions:
Novell Netware 6.5 SP3
Novell Netware 6.5 SP2
Solution:
Novell has released advisory TID2971038 and a patch for NetWare 6.5 SP2 and subsequent versions:
Novell Netware 6.5 SP3
-
Novell xvsft1.exe
http://support.novell.com/servlet/filedownload/sec/ftf/xvsft1.exe
Novell Netware 6.5 SP2
-
Novell xvsft1.exe
http://support.novell.com/servlet/filedownload/sec/ftf/xvsft1.exe
References
Novell Netware Xsession Unauthorizied Server Console Access Vulnerability
References:
References:
- Novell Support (Novell)
- TID2971038 - Xsession Vulnerability (Novell)