[virusinfo] Unauthorized access to NetWare Xsessions - 03/18/05

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Sat, 19 Mar 2005 11:10:11 -0800

From; Panda Oxygen3:

"Genius without education is like silver in the mine."
  Benjamin Franklin (1706-1790); US scientist and politician.

         - Unauthorized access to NetWare Xsessions -
 Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, March 18 2005 - Security Tracker has announced, at
http://www.securitytracker.com/alerts/2005/Mar/1013460.html, a
vulnerability in NetWare affecting the xvesa code, which could allow
remote users access to Xwindows sessions without authentication.

A remote user could invoke a specific type of URL to cause the system to
redirect to the active Graphic User Interface on the target system. The
user could access this interface without authenticating. Then, the
remote user could run the server console applet and access the server
console.

Novell has released a fix for NetWare 6.5 SP2. The original Novell
advisory is available at:
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971038.htm

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If
this happens, just use the 'cut' and 'paste' options to join the pieces
of the URL.
 
------------------------------------------------------------

The 5 most frequently detected viruses by Panda ActiveScan, Panda
Software's free online scanner: 1)Mhtredir.gen; 2)Netsky.P;
3)Downloader.GK; 4)Shinwow.E; 5)Sdbot.ftp.

------------------------------------------------------------
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] Unauthorized access to NetWare Xsessions - 03/18/05

1. Home
2. virusinfo
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---