ID CVE-2004-2414
Summary Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords.
References
Vulnerable Configurations
  • cpe:2.3:o:novell:netware:6.5:sp1.1a
    cpe:2.3:o:novell:netware:6.5:sp1.1a
CVSS
Base: 2.1 (as of 26-08-2005 - 09:19)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Netware
NASL id NETWARE_OPENSSH_INFO_LEAK.NASL
description According to the list of enumerated software packages, the version of Novel NetWare installed on the remote host may have an information disclosure vulnerability. Admin/install passwords are stored in the NIOUTPUT.TXT and NI.LOG installation log files. A local attacker could exploit this to gain access to sensitive information. Systems are vulnerable if an installation/upgrade was performed using the NetWare 6.5 Support Pack 1.1 Overlay CDs, and when the OpenSSH component is selected during Custom Installation.
last seen 2019-02-21
modified 2018-07-16
plugin id 44064
published 2011-09-26
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=44064
title Novell NetWare 6.5 Support Pack 1.1 Admin/Install Local Information Disclosure
refmap via4
bid 9934
confirm http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968534.htm
secunia 11188
xf netware-installation-file-disclosure(15600)
Last major update 05-09-2008 - 16:44
Published 31-12-2004 - 00:00
Last modified 10-07-2017 - 21:31
Back to Top