Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Logic Error in Management Edition NetWare install script for Dr. Sololomon's

Logic Error in Management Edition NetWare install script for Dr. Sololomon's

From: Bayard G. Bell <bbell01_at_EMORY.EDU>
Date: Fri, 16 Jul 1999 11:43:15 -0400

        I sent this bug report to NAI on 6/28/99. I haven't received
any
thanks, let alone been told of a patch. I hope this post will shame
them into addressing a problem that has been reported with a complete
diagnosis of the problem.
        I apologize that all of the lists to which I am posting are not
quite
the right forums, but disclosure to public forums that care about such
issues seems to be the only recourse when a vendor won't give you the
time of day...

-Bayard Bell
Emory University

Bayard wrote:
>
> Dr. Solomon's Management Edition 1.51 installing Toolkit 7.96 for
> NetWare installs an update script with an incorrect conditional that
> will cause the NTOOLKIT.NLM for NetWare 3.1X to be installed on a
> NetWare 5 server. The version condition in the MEUP.CFG beginning in
> line PreInst6 of the [Toolkit Front End] section asks the system for the
> NetWare 4. If the version comes back as 4.X, then the script goes to
> the NetWare 4 section and renames NTK4.NLM NTOOLKIT.NLM. Otherwise, the
> script assumes that the system is running NetWare 3.1X and renames
> NTK3.NLM NTOOLKIT.NLM. Obviously this script does not allow for NetWare
> 5, which, because it is not reported to the script as NetWare 4.X, is
> assumed to be NetWare 3.1X. Loading the 3.1X NTOOLKIT promptly causes a
> critical error in the server, although the server does seem to recover.
> The version problem was confirmed by a checksum comparison.

[The version 3.1X then unloads itself, leaving you without virus
protection. You can perform the installation manually, but I haven't
gotten a manual install to work with the Management Edition console.]

> Furthermore, it has been my experience that a NetWare 5 SP2A server
> loaded with all ManageWise 2.6 components (except InnocyLAN) and the
> ARCServeIT 6.61 agent will experience a critical error when a client
> attempts a read operation with the File Access Monitor. The server
> remains up but ceases to process client requests and will not down
> itself properly. No source of this error was determined at this time,
> although it has been my experience that the file access monitor does not
> work at all with NetWare 3.1X (the console locks up and the server does
> not process client requests).
> Please let me know if you are aware of a configuration issue or whether
> a fix is available.
>
> -Bayard Bell
> Emory University
<HR>
<UL>
<LI>text/x-vcard attachment: bbell01.vcf
</UL>
Received on Jul 16 1999

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos