Home page logo

bugtraq logo Bugtraq mailing list archives

ref advisory #20000907
From: John McCain <jmccain () POMEROY COM>
Date: Fri, 8 Sep 2000 14:20:20 -0400

Your statements regarding this security "hole" are misleading.

While it is true that not watching write rights to ACL's can lead to network problems, anyone who has undergone any 
level of Netware training knows the extent to which Novell warns against granting broad property write rights, 
specifically because of the danger of giving someone rights to another object's ACL.  Setting a property level IRF on 
the ACL property would neither be time consuming nor prone to error.

The dangers of granting write property rights to ACLs is discussed extensively in the training materials for Novell's 
CNA certification, their base level of certification.  I suggest you review these materials before publishing similar 
warnings, or availing yourself of someone who has.

  By Date           By Thread  

Current thread:
  • ref advisory #20000907 John McCain (Sep 08)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]