From: "Jeff V. Merkey" <jmerkey@timpanogas.org>
To: linux-kernel@vger.kernel.org
Subject: NetWare Changing IP Port 524
Date: Tue, 14 Nov 2000 12:11:59 -0700 [thread overview]
Message-ID: <3A118E7F.462BAC34@timpanogas.org> (raw)
Petr/Linux,
If you are relying on port 524 to get SAP information for NCPFS over
TCPIP, you may want to track this since it appears Novell will be
patching this port to close a security flaw. I
added the tracking URL so you can review what changes they are
proposing. I think what they
are proposing as an immediate patch may break NCPFS -- you will need to
check.
:-)
Jeff
Novell NetWare discloses system information
Novell's NetWare operating system contains a flaw that allows
system information to be leaked via TCP port 524 in pure IP
configurations. When NetWare is used in a mix Microsoft
environment, the Novell operating system leaks data via Service
Advertising Protocol (SAP). Other third-party applications
compound the problem as well. A hacker can use the data to gain
knowledge on the inner workings of the affected system. It is
recommended that port 524 be blocked to prevent any leaks. For
more information on SAP:
http://support.novell.com/cgi-bin/search/search.pl?database_name=kb&type=HTM
L&docid=%03%21F221133%3a973867389%3a%20%28%2010050864%20%29%20%20%07%01%00&b
yte_count=71624
**********
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/
next reply other threads:[~2000-11-14 19:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-11-14 19:11 Jeff V. Merkey [this message]
-- strict thread matches above, loose matches on Subject: below --
2000-11-14 20:48 NetWare Changing IP Port 524 Petr Vandrovec
2000-11-14 20:29 ` Jeff V. Merkey
2000-11-15 1:56 ` Gregory Maxwell
2000-11-15 2:03 ` Jeff V. Merkey
2000-11-15 10:33 ` Olaf Titz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3A118E7F.462BAC34@timpanogas.org \
--to=jmerkey@timpanogas.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox