|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Ben Ponting (bponting
HOTMAIL.COM)Date: Sun Mar 11 2001 - 18:54:36 CST
We've tested this exploit with NW 5.1 SP2a using a
queue based Print Server object.
We could login as the object with no password, but
the object only had public rights (ie, browse, compare
and read).
No volume scan, read or write rights.
Though it must have read rights to the print spool
location.
By default the Print Server should not security
equivelance to the container.
But this may have been manually assigned in the
environment where the vulnerability was discovered.
Ben Ponting
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]