Bugtraq;
MacOS 9 adds the ability to have multiple users on a single Macintosh. When it boots
it will (if enabled) ask you to log in.
However, while logged in if you login to NDS, and select "Logout" from the Special
menu, you will NOT be logged out of NDS. The tree in the menu bar will stay green,
and you are still logged in. Any user can then log back in as themselves and use your
login to NDS.
The workaround is simple enough, just make sure you log out of NDS and THEN out of
MacOS. An alternative would be to simply restart the Mac instead of logging out.
I tested this on an iMac running MacOS 9 and the ProSoft client (version 5.12). I have
not tested it on the Novell client (version 5.11), but since the clients are so
similar I would assume the "bug" exists there too. (I don't consider this to be a
full-blown bug since we're dealing with a new feature of the OS that didn't exist at
the time the client was released. However, given the breathtaking speed that ProSoft
moves at...)
--As far as I know this doesn't seems like being an MacOs issue, as described in
original post, since NetWare Client 5.12 is not listed as builting feature ( see the
inclued softwares or features listed in MacOs 9
http://www.apple.com/macos/pdf/MacOS9_DS-a.pdf) or even bunddled with MacOS 9.
Using any other network ressource via a software (mail client, telnet, ftp etc...)
will log you out; during the loggout process an apple event is sent to the
applications, and Prosoft netware client doesn't respond to the apple event asking to
disconnect the ressouce.It's not MacOS fault but incompability in software to
understant the event it's quiet different.New OS creates sometime incompabilities but
who has to adapt to the situation: the OS or the application?
There's something I don't get on security focus vulnerabilities database despite all
the great job that is done on this site.Why softwares having issues on MacOs are
reported under "Apple" and not to the vendor itself? :-(
--->1999-11-14: MacOS9 NDS Client Inherited Login Vulnerability
-->1998-04-14: Microsoft Internet Explorer EMBED Vulnerability
-->1999-07-28: MacOS Internet Config Weak Password Encryption Vulnerability
-->1999-06-15: MS Outlook Express for MacOS "Change Current User" Vulnerability
deepquest
Ubi solitudinem faciunt, pacem appellant
http://www.deepquest.pf
