F-Secure
Tools
Novell Netware ApacheAdmin Console Security Bypass
| Report ID: | SA32989 |
| Source: | Secunia |
| Date of Discovery: | 05.12.2008 |
| Criticality: | Low |
| Affects: | Novell NetWare 6.x |
| Compromise From: | From remote |
| Compromise Type: | Security bypass |
Summary
A vulnerability has been reported in Novell Netware, which can be exploited by malicious people to bypass certain security restrictions.
Detailed Description
A vulnerability has been reported in Novell Netware, which can be exploited by malicious people to bypass certain security restrictions.
The problem is that a password to the ApacheAdmin console is no longer required after installing an OES2 Linux server into a tree running on NetWare 6.5. This can be exploited to access the ApacheAdmin console and e.g. alter the configuration of the Apache webserver.
The problem is that a password to the ApacheAdmin console is no longer required after installing an OES2 Linux server into a tree running on NetWare 6.5. This can be exploited to access the ApacheAdmin console and e.g. alter the configuration of the Apache webserver.
Solution
Apply Support Pack 8.