Netware NDS Default Rights Vulnerability

The following commands can be issued by a client connected to a NetWare 4.x or IntranetWare server, revealing most if not all user account names, in addition to most of if not the entire tree layout.
CX /T /A /R - list all readable user and container object names in tree, and can give a rather accurate layout of the containers and basic contents
NLIST USER /D - list info regarding user names in current context
NLIST GROUPS /D - list groups and group membership in current context
NLIST SERVER /D - list server names and OS versions, and if attached reveal if accounting is installed or not
NLIST /OT=* /DYN /D - list all readable objects, including dynamic objects, names of NDS trees, etc


Privacy Statement
Copyright 2010, SecurityFocus