July 15, 1998 4:00 PM PDT
Pandora pokes holes in NetWare
A new version of a software exploit called Pandora is being released today by a group calling itself the Nomad Mobile Research Center (NMRC) that highlights weaknesses in Novell's operating system, NetWare 4.11, as well as the recently released beta three test version of NetWare 5.0.
Though the group does not focus solely on Novell and has poked holes in the security of Microsoft's Windows NT and various Unix-based operating system players, the latest Pandora 3.0 tool could pose a severe threat for hackers who want to gain entry into a Novell NetWare system and information housed in the company's directory services administration tool. The exploit takes advantage of weaknesses in Novell's proprietary protocols, according to the NMRC.
The tool includes common hacker methods such as "packet spoofing" and password cracking that allow unauthorized users to potentially increase their rights to look at and manipulate data housed on a server system.
"This is very serious," said a NMRC representative who calls himself "Simple Nomad" in an email to CNET NEWS.COM. "If you can spoof packets as [an administrator] you can completely takeover the box."
Included with posted information concerning Pandora are steps to secure NetWare machines.
Novell executives said they are familiar with the Pandora exploit but stress that the conditions for use of the tool include being inside a Novell network. That means an attack would have to come from an employee or unauthorized user within an organization.
What is unclear from documentation concerning the tool and information from Novell, however, is how serious a problem the Pandora exploit is. As is common in the era of widespread publishing on the Net, it is hard to separate exploits that are used for hacking purposes and those that are simply known and understood as flaws within the software security community.
Michael Simpson, director of marketing for administration and management at Novell, said customers are not overly concerned about the availability of the tool. "We told our field organization about the issues and they have responded to any concerns," he said. "It doesn't seem to be a big deal with them. We take it seriously though, because we should. Some customers do too, but they are also the customers who lock up their servers and limit access."
Simpson said a patch could be forthcoming for the company after it completes testing with the latest Pandora code. "We will address it appropriately," he said.
Many independent security organizations--who generally hide behind a cloak of anonymity--claim no malicious intent in designing tools to exploit flaws in software. Many, including the NMRC, contend they are simply pointing out flaws that need to be addressed by the companies who put the software on the market.
Simple Nomad highlights the reasons for the NMRC on the organizations' Web site: "I have been contacted by Novell, Microsoft, the government, and others who simply wish I would shut up. All this does is tell me that NMRC is on the right track. I plan on continuing this trend."