Netware IPX Admin Session Spoof Vulnerability

Novell has a packet signature mechanism to verify the source of certain types of packets. This mechanism can be configured to be used always (level 3), if possible by the other side (level 2), if requested by the other side (level 1), or never (level 0). Unless the signature level is set to 3, IPX fragmented requests/replies (NCP call 0x68) are not signed. If the client is set at 1, part of a session can be spoofed. If the session is an Admin session, Admin privileges can be gained.


Privacy Statement
Copyright 2010, SecurityFocus