Novell NetWare Admin/Install Password Disclosure Vulnerability
BID:9934
Info
Novell NetWare Admin/Install Password Disclosure Vulnerability
| Bugtraq ID: | 9934 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 20 2004 12:00AM |
| Updated: | Mar 20 2004 12:00AM |
| Credit: | This issue was described in a Novell Technical Information Document. |
| Vulnerable: |
Novell Netware 6.5 SP1.1(a) |
| Not Vulnerable: |
Novell Netware 6.5 SP1.1(b) |
Discussion
Novell NetWare Admin/Install Password Disclosure Vulnerability
Novell has reported a vulnerability in Novell NetWare 6.5 Support Pack 1.1 that may allow an attacker to gain access to the administrator password. According to Novell this vulnerability only affects users who meet the following conditions:
1) Performed installations or upgrades (locally or remotely) using the NetWare 6.5 Support Pack 1.1 Overlay CDs.
2) Selected Custom Installation and selected the OpenSSH component.
The admin/install password is stored in the 'NIOUTPUT.TXT' and 'NI.LOG' files. The likelihood of successful exploitation of this issue is relatively small as these files are usually protected by the operating system via the administrator's access controls.
Novell has reported a vulnerability in Novell NetWare 6.5 Support Pack 1.1 that may allow an attacker to gain access to the administrator password. According to Novell this vulnerability only affects users who meet the following conditions:
1) Performed installations or upgrades (locally or remotely) using the NetWare 6.5 Support Pack 1.1 Overlay CDs.
2) Selected Custom Installation and selected the OpenSSH component.
The admin/install password is stored in the 'NIOUTPUT.TXT' and 'NI.LOG' files. The likelihood of successful exploitation of this issue is relatively small as these files are usually protected by the operating system via the administrator's access controls.
Exploit / POC
Novell NetWare Admin/Install Password Disclosure Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Novell NetWare Admin/Install Password Disclosure Vulnerability
Solution:
Novell has released Technical Information Document TID2968534 containing NetWare 6.5 Support Pack 1.1(b) to address this issue. Please see the document in web references for more information.
Solution:
Novell has released Technical Information Document TID2968534 containing NetWare 6.5 Support Pack 1.1(b) to address this issue. Please see the document in web references for more information.
References
Novell NetWare Admin/Install Password Disclosure Vulnerability
References:
References: