CVE-1999-1020
CVSS7.5
发布时间 :1998-09-18 00:00:00
修订时间 :2016-10-17 22:00:18
NMCOES    

[原文]The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.


[CNNVD]Netware NDS默认特权漏洞(CNNVD-199809-012)

        Novell Netware NDS 5.99版本的安装为一个树提供带有Read使用权的未经认证的客户端,导致远程攻击者借助CX.EXE和NLIST.EXE访问敏感信息,例如:用户、群组以及可读对象。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:novell:netware:4.1Novell NetWare 4.1
cpe:/o:novell:netware:4.11:sp5b

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1020
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1020
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199809-012
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=90613355902262&w=2
(UNKNOWN)  BUGTRAQ  19980918 NMRC Advisory - Default NDS Rights
http://www.securityfocus.com/bid/484
(VENDOR_ADVISORY)  BID  484
http://xforce.iss.net/static/1364.php
(VENDOR_ADVISORY)  XF  novell-nds(1364)

- 漏洞信息

Netware NDS默认特权漏洞
高危 配置错误
1998-09-18 00:00:00 2005-10-20 00:00:00
远程  
        Novell Netware NDS 5.99版本的安装为一个树提供带有Read使用权的未经认证的客户端,导致远程攻击者借助CX.EXE和NLIST.EXE访问敏感信息,例如:用户、群组以及可读对象。

- 公告与补丁

        Remove CX.EXE and NLIST.EXE or disable public Read access from the root of your NDS tree.
        Ensure all accounts have passwords, and that all assigned passwords are not easily guessed. Ensure Intruder Detection is turned on at the root of your NDS tree.

- 漏洞信息 (19365)

Novell Netware 4.1/4.11 SP5B NDS Default Rights Vulnerability (EDBID:19365)
netware remote
1999-04-09 Verified
0 Simple Nomad
N/A [点击下载]
source: http://www.securityfocus.com/bid/484/info

Non-authenticated clients have access to CX.EXE and NLIST.EXE in the SYS:LOGIN directory of a Netware 4.x server. The default root access is set to Read. Therefore, by using various switch options in CX.EXE and NLIST.EXE, anyone connecting to the server can gain access to NDS tree information such as account names, group names and membership, tree layout etc. By attaching to different servers and switching contexts an intruder could gain an understanding of the NDS structure for the entire network. 

The following commands can be issued by a client connected to a NetWare 4.x or IntranetWare server, revealing most if not all user account names, in addition to most of if not the entire tree layout.
CX /T /A /R - list all readable user and container object names in tree, and can give a rather accurate layout of the containers and basic contents
NLIST USER /D - list info regarding user names in current context
NLIST GROUPS /D - list groups and group membership in current context
NLIST SERVER /D - list server names and OS versions, and if attached reveal if accounting is installed or not
NLIST /OT=* /DYN /D - list all readable objects, including dynamic objects, names of NDS trees, etc 		

- 漏洞信息

612
Novell NetWare NDS Tree Remote Information Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public Uncoordinated Disclosure

- 漏洞描述

- 时间线

1998-09-18 Unknow
1998-09-18 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Netware NDS Default Rights Vulnerability
Configuration Error 484
Yes No
1999-04-09 12:00:00 2009-07-11 12:56:00
Posted to bugtraq on September 18, 1998 by Simple Nomad <thegnome@NMRC.ORG>

- 受影响的程序版本

Novell Netware 4.11 SP5B
Novell Netware 4.1

- 漏洞讨论

Non-authenticated clients have access to CX.EXE and NLIST.EXE in the SYS:LOGIN directory of a Netware 4.x server. The default root access is set to Read. Therefore, by using various switch options in CX.EXE and NLIST.EXE, anyone connecting to the server can gain access to NDS tree information such as account names, group names and membership, tree layout etc. By attaching to different servers and switching contexts an intruder could gain an understanding of the NDS structure for the entire network.

- 漏洞利用

The following commands can be issued by a client connected to a NetWare 4.x or IntranetWare server, revealing most if not all user account names, in addition to most of if not the entire tree layout.
CX /T /A /R - list all readable user and container object names in tree, and can give a rather accurate layout of the containers and basic contents
NLIST USER /D - list info regarding user names in current context
NLIST GROUPS /D - list groups and group membership in current context
NLIST SERVER /D - list server names and OS versions, and if attached reveal if accounting is installed or not
NLIST /OT=* /DYN /D - list all readable objects, including dynamic objects, names of NDS trees, etc

- 解决方案

Remove CX.EXE and NLIST.EXE or disable public Read access from the root of your NDS tree.

Ensure all accounts have passwords, and that all assigned passwords are not easily guessed. Ensure Intruder Detection is turned on at the root of your NDS tree.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站