COMMAND

    NetWare client

SYSTEMS AFFECTED

    NetWare client for Terminal server

PROBLEM

    Iscas  noticed  something  unusual  about  authenticating to an NT
    Terminal Server (v. 4.0) via intraNetWare client (v. 4.10).  Under
    the following scenario:

        - Alice performs a (NT only) login to the terminal server
        - Bob then performs a (NT+NetWare) login to the terminal server

    Then Alice has access to Bob's NetWare connection, and can  access
    NetWare resources as  Bob!!!  Alice  does NOT need  administrative
    privileges on the Terminal Server for this to happen.

SOLUTION

    The latest version of NetWare client seems to fix this exposure.