ProSoft NetWare Client Mac OS 9 NDS Session Access

1999-11-14T00:00:00
ID OSVDB:7037
Type osvdb
Reporter Matt White(mwhite@madriver.k12.oh.us)
Modified 1999-11-14T00:00:00

Description

Vulnerability Description

Prosoft Netware Client for Mac OS 9 contains a flaw that may allow a malicious user to access NDS under another user's logon. The issue is triggered when a user logs off the Mac OS account, without first logging out of NDS. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Always log off of NDS before logging out of the Mac user session.

Short Description

Prosoft Netware Client for Mac OS 9 contains a flaw that may allow a malicious user to access NDS under another user's logon. The issue is triggered when a user logs off the Mac OS account, without first logging out of NDS. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.

References:

Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=94261444428430&w=2 ISS X-Force ID: 8339 CVE-1999-1528 Bugtraq ID: 794