From; Panda Oxygen3: "Genius without education is like silver in the mine." Benjamin Franklin (1706-1790); US scientist and politician. - Unauthorized access to NetWare Xsessions - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, March 18 2005 - Security Tracker has announced, at http://www.securitytracker.com/alerts/2005/Mar/1013460.html, a vulnerability in NetWare affecting the xvesa code, which could allow remote users access to Xwindows sessions without authentication. A remote user could invoke a specific type of URL to cause the system to redirect to the active Graphic User Interface on the target system. The user could access this interface without authenticating. Then, the remote user could run the server console applet and access the server console. Novell has released a fix for NetWare 6.5 SP2. The original Novell advisory is available at: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971038.htm NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 most frequently detected viruses by Panda ActiveScan, Panda Software's free online scanner: 1)Mhtredir.gen; 2)Netsky.P; 3)Downloader.GK; 4)Shinwow.E; 5)Sdbot.ftp. ------------------------------------------------------------ To contact with Panda Software, please visit: http://www.pandasoftware.com/about/contact/ ------------------------------------------------------------ *********** MIKE"S REPLY SEPARATOR *********** Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member