|
Novell Netware "nlm" Screensaver Password Bypass Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA13434
|
|
|
Release Date:
|
2004-12-14
|
|
|
Critical:
|

Less critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Novell Netware 5.x Novell NetWare 6.x
|
|
|
|
Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS! |
|
|
Description: Novacoast has reported a vulnerability in Novell Netware, which can be exploited by a malicious person with physical access to a system to bypass the password protected screensaver.
The problem is that some hotkeys are still enabled when the password protected "nlm" screensaver locks a console. This can be exploited to shutdown the screensaver via e.g. the Netware debugger triggered by the ALT-SHIFT-SHIFT-ESC key combination.
The vulnerability has been reported in versions 5.1, 6.0, and 6.5.
Solution: Apply Novell BorderManager ICSA Compliance Kit version 5.0d (see original advisory).
Provided and/or discovered by: Novacoast
Original Advisory: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2969741.htm
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
24 Related Secunia Security Advisories, displaying 10
|
|
|
1. Novell Netware DNS Cache Poisoning Vulnerability
|
|
2. Novell NetWare iPrint Request Denial of Service
|
|
3. Novell NetWare XNFS Buffer Overflow Vulnerability
|
|
4. Novell NetWare Welcome web-app Cross-Site Scripting
|
|
5. Novell NetWare Apache HTTP Request Smuggling Vulnerability
|
|
6. Novell Netware abend.log User Credentials Disclosure
|
|
7. Novell Distributed Print Services Integer Overflow Vulnerability
|
|
8. Novell NetWare NILE.NLM SSL Negotiation Vulnerabilities
|
|
9. Novell NetWare NWFTPD Potential Denial of Service Vulnerability
|
|
10. Novell NetWare CIFS Denial of Service Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|