[ISN] NetWare falls prey to hackers

From: mea culpa (jerichot_private)
Date: Sat Jul 18 1998 - 04:30:48 PDT

  • Next message: mea culpa: "[ISN] German party says computer system was hacked"

    Forwarded From: William Knowles <erehwont_private>
    [Infoworld] (7.13.98) A security vulnerability has been identified in all
    shipping versions of NetWare, including Version 5.0, Beta 3, that renders
    NetWare systems susceptible to internal hackers. 
    NetWare's security holes are coming to light due to the efforts of Nomad
    Mobile Research Centre, or NMRC, in Arlington, Texas.  The organization,
    which focuses on exposing bugs and holes in networking software, has
    discovered flaws in the NetWare Core Protocol (NCP) and IPX protocol that
    let hackers sniff and capture data during a typical user's log-in
    sequence. In so doing, hackers can gain a level of security access
    equivalent to the Admin account that has full access to the entire Novell
    Directory Services tree and can do virtually anything from a system and
    administrative standpoint, an NMRC representative said. 
    "This bug completely blows Novell's C2 security certification out of the
    water," the representative said. 
    "Novell has to start taking security flaws seriously, and not just making
    patches available but actually telling people about them and why they're
    important," the representative added. 
    One Novell executive said the company is not at all passive in notifying
    customers of patches. 
    "We are very proactive in documenting solutions and notifying our
    customers of potential security risks," said Michael Simpson, director of
    marketing at Novell. 
    "The work of the NMRC is helpful for our customers, because their
    documents list not only potential problems but several viable solutions,"
    Simpson added. 
    One such solution involves resetting the default NCP packet signatures to
    Level 3. But even this solution is not foolproof, according to the NMRC. 
    "Even when set to signature Level 3, it became apparent that not all
    packets were being signed," the NMRC representative said. 
    At least one analyst said this security bug in NetWare could have serious
    "Any time you can spoof users, security is compromised," said Jim
    Balderston, an analyst at Zona Research, in Redwood City, Calif. "At that
    point, the damage done is limited only by the maliciousness of the
    More information on the NetWare security flaw will be posted this week on
    the NMRC Web site at http://www.nmrc.org. Also, Novell posts information
    and patches at http://www.support.novell.com. 
    Also this week, Novell plans to launch the latest addition to its
    BorderManager line of security and border services solutions, designed to
    facilitate the management of remote users and to ensure secure
    authentication and access to network resources, Novell officials said. 
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:58:36 PDT