CVE-2002-1772

Name of the Vulnerable Software and Affected Versions Novell Netware versions 5.0 through 5.1

Description The issue allows local users to gain Domain Admin rights by logging into a Novell Directory Services (NDS) account and executing a specific command on an NDS ADM account. This account must have domain access rights but not be part of the NT domain, enabling the user to enter a null password.

Recommendations For Novell Netware versions 5.0 through 5.1, consider restricting access to NDS ADM accounts that have domain access rights but are not in the NT domain to minimize the risk of exploitation. As a temporary workaround, limit the use of the net use command on such accounts until a more permanent solution is available.