Novell invisible supervisor account creation

Novell invisible supervisor account creation

Post by Mark Swans » Thu, 23 Sep 1993 05:59:49



I heard that there was a way to 'become' a supervisor in Novell when you ran a certain program.  We are concerned about the security of our Novell network and
would like a copy (or source) of this program to test on our network.
Any info would be greatly appreciated.  Thanks.
--

 
 
 

Novell invisible supervisor account creation

Post by Wolfgang L » Thu, 23 Sep 1993 16:59:05



> I heard that there was a way to 'become' a supervisor in Novell when you ran a certain program.  We are concerned about the security of our Novell network and
> would like a copy (or source) of this program to test on our network.
> Any info would be greatly appreciated.  Thanks.
> --


===========================================================================
CA-93:12                        CERT Advisory
                              September 16, 1993
                        Novell LOGIN.EXE Vulnerability

---------------------------------------------------------------------------

The CERT Coordination Center has received information concerning a security
vulnerability in Novell's NetWare 4.x login program (LOGIN.EXE). This
vulnerability affects NetWare 4.0 and 4.01. It does not affect NetWare 2.x,
NetWare 3.x, or Netware for UNIX.

Novell is making available a security enhancement to the login program for
NetWare 4.x. CERT strongly recommends that sites using of Novell NetWare 4.X
replace their current LOGIN.EXE program on all affected systems with this
security-enhanced version as soon as possible.

---------------------------------------------------------------------------
I.   Description:

     A security vulnerability exists in LOGIN.EXE in Novell NetWare 4.X.
     In some environments, a user's name and password may be temporarily
     written to disk.

II.  Impact:

     User accounts may be readily compromised.

III. Solution:

     NetWare 4.x sites should obtain and install on all affected systems
     the security-enhanced LOGIN.EXE program. CERT strongly recommends that
     sites replace their current LOGIN.EXE with the security-enhanced version
     as soon as possible.  

     This new file is available via anonymous FTP from first.org. The files
     are located in:

     Filename                        Size     Checksum
     --------                        ------   -----------------------------
     /pub/software/seclog.exe        166276   00193 163 (Standard UNIX Sum)
                                              58886 325 (System V Sum)

     This file is also available at no charge through NetWare resellers,
     on NetWire in library 14 of the NOVLIB forum, or by calling
     +1-800-NETWARE.  NetWare customers outside the U.S. may call
     Novell at +1-303-339-7027 or +31-55-384279 or may fax a request for
     SECLOG.EXE v4.02 to Novell at +1-303-330-7655 or +31-55-434455. Fax
     requests should include company name, contact name, postal address,
     and phone number.

     The distribution SECLOG.EXE is a self-extracting archive that  
     contains a patched file and a text file of installation instructions.
     The patch file (LOGIN.EXE) and the text file (SECLOG.TXT) are created
     by executing the distribution file SECLOG.EXE. After extracting the
     files, the dir command should produce the following output:

         SECLOG   EXE  166276    xx-xx-xx   xx:xxx
         LOGIN    EXE  354859    08-25-93   11:43a
         SECLOG   TXT    5299    09-02-93   11:16a

     Note that the date and time shown for SECLOG.EXE will reflect when
     this file was created on your system.

     To install the patch, follow the directions contained in the text file
     SECLOG.TXT.

     After installing the patch, sites should instruct all users to change
     their passwords.

---------------------------------------------------------------------------
The CERT Coordination Center would like to thank Karyn Pichnarczyk and
the contribution of CIAC to this advisory. We would also like to
acknowledge Richard Colby of Chem Nuclear Geotech, Inc., for reporting
this vulnerability to CIAC, and Novell for their efforts in the
resolution of this vulnerability.
---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in FIRST (Forum of Incident
Response and Security Teams).


Telephone: 412-268-7090 (24-hour hotline)
           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
           and are on call for emergencies during other hours.

CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP
from cert.org (192.88.209.5).

Bye,
  Wolfgang.
--
---------------------------------------------------------------------------

        Teichstrasse 9
D-38678 Clausthal-Zellerfeld     "With workstations you can do a lot of
        (Germany)                 nonsense. With PC's not even that..."
        Phone: +49 5323 82132
---------------------------------------------------------------------------



 
 
 

Novell invisible supervisor account creation

Post by Florian Schnab » Sat, 25 Sep 1993 03:40:43



> I heard that there was a way to 'become' a supervisor in Novell when you ran a certain program.  We are concerned about the security of our Novell network and
> would like a copy (or source) of this program to test on our network.
> Any info would be greatly appreciated.  Thanks.
> --


That doesn't sound very convincing at all.
Why would a sysadmin request a program like that by sending
mail from a public access system instead of getting the right
patch for NW4.X ?
This is not 'alt.hackers' guys...

-Florian

------------------------------------------------------------------------------

Florian Schnabel                              
                                           |(And as things fell apart          

PGP 2.3 available on request.

 
 
 

Novell invisible supervisor account creation

Post by Timothy Newsh » Mon, 27 Sep 1993 05:51:11



>That doesn't sound very convincing at all.
>Why would a sysadmin request a program like that by sending
>mail from a public access system instead of getting the right
>patch for NW4.X ?
>This is not 'alt.hackers' guys...

sounds more like alt.security-through-obscurity.
>Florian Schnabel                              
>                                           |(And as things fell apart