CVE-1999-1020

Novell Netware NDS 5.99 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-1020. PoCs published by Simple Nomad.

AI-analyzed exploit summary This is a writeup describing how unauthenticated clients can exploit default permissions on CX.EXE and NLIST.EXE in NetWare 4.x to enumerate NDS tree information, including user accounts, group memberships, and server details. The commands provided demonstrate how to extract sensitive directory information without authentication.

Description

The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Simple Nomad · textremotenetware
https://www.exploit-db.com/exploits/19365

This is a writeup describing how unauthenticated clients can exploit default permissions on CX.EXE and NLIST.EXE in NetWare 4.x to enumerate NDS tree information, including user accounts, group memberships, and server details. The commands provided demonstrate how to extract sensitive directory information without authentication.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Novell NetWare 4.x, IntranetWare
No auth needed
Prerequisites: Network access to the NetWare server · Default Read permissions on SYS:LOGIN directory
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/1364
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/484
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=90613355902262&w=2

Scores

EPSS 0.0713
EPSS Percentile 93.5%

Details

Status published
Products (2)
novell/netware 4.1
novell/netware 4.11 sp5b
Published Sep 18, 1998
Tracked Since Feb 18, 2026