Vulnerability in Novell Netware 5.0 (part 2)

From: webmaster@procheckup.com
Date: 05/29/02 

Date: 29 May 2002 13:29:59 -0000
From: <webmaster@procheckup.com>
To: bugtraq@securityfocus.com
('binary' encoding is not supported, stored as-is)

Procheckup Ltd
www.procheckup.com

Procheckup Security Bulletin PR02-3

           
  Description: Netware default programs display server
information to attackers.
         Date: 8/1/2002

  Application: Netware enterprise web server
     Platform: Novell NetWare 5.0
     Severity: Remote attackers can discover the location
of the webroot
      Authors: Richard Brain [richard.brain@procheckup.com]
Vendor Status:
CVE Candidate: Not assigned
    Reference: www.procheckup.com/security_info/vuln.html

  Description:
 NetWare 5.1 installed with default settings, installs with
the Novonyx webserver. This webserver resides on port 80
and comes with sample files which disclose information

1) Requesting the following url :-

http://webserver/perl/samples/lancgi.pl

Gives lan board details.

Lan Boards
 
Description Address Media Type Board Number Board Instance
Compaq Ethernet or Fast Ethernet NIC 658B50004354
ETHERNET_802.2 1 1
Compaq Ethernet or Fast Ethernet NIC 658B50004354
ETHERNET_II 2 1

2) Requesting the following url :-

http://webserver/perl/samples/volscgi.pl

Gives the volume names with status information

Volumes
 
Description Total Space Free Space Block Size Total Dir
SYS 6065984 5390848 65536 66048

3) Requesting the following url :-

http://webserver/perl/samples/ndslogin.pl

Seems to allow remote interactive logins.... with NDS tree
viewing

Login to NDS and enumerate the contents

------------------------------------------------------------
--------------------

Fullname: ex: nds:\\novell_tree\novell_context
Username: *

Password:

4) Requesting the following url :-

http://webserver/netbasic/websinfo.bas

Gives the server name and exact netware version running

  Company: Novell
  Revision: NetWare 5.00i
  Date: 27 March 2000

Solution:

Delete all default example programs if not needed.

Legal:

Copyright 2002 Procheckup Ltd. All rights reserved.

Permission is granted for copying and circulating this
Bulletin to the Internet community for the purpose of
alerting them to problems, if and only if, the Bulletin is
not edited or changed in any way, is attributed to
Procheckup, and provided such reproduction and/or
distribution is performed for non-commercial purposes.

Any other use of this information is prohibited. Procheckup
is not liable for any misuse of this information by any
third party.

Relevant Pages

  • Vulnerability in Novell Netware 5.0 (part1)
    ... Procheckup Security Bulletin PR02-1 ... Netware default programs displays server ... image/pjpeg, */* ...
    (Bugtraq)
  • Netware Client for FreeBSD
    ... I have access to a Netware IV server and am trying to connect to it from ... my FreeBSD 5.1-Current desktop. ... I also check out the man page for "mount_nwfs" and run a command to log ...
    (freebsd-questions)
  • Re: Problems with DacEasy and netware server upgrade 9.5
    ... It sounds like things went well on the install, but the NetWare ... you need the PSQL engine installed properly on the server. ... WGE on your workstation and try again. ...
    (comp.databases.btrieve)
  • Re: Suse 9.3 first disappointments.
    ... At the time, Netware was ... UNIX server starting with all of one other machine on the net. ... gotta install part of the server at the server, ... folks insisting that the OS/2 mail server I had set up had gone haywire ...
    (alt.os.linux.suse)
  • FreeBSD NFS client and Netware 6.5 NFS server
    ... Message below is about a FreeBSD server I maintain. ... working ok with Netware 5.1. ... One of the servers was recently upgraded to Netware 6.5 and NFS is no ...
    (freebsd-questions)