Bugtraq mailing list archives
Logic Error in Management Edition NetWare install script for Dr. Sololomon's
From: bbell01 () EMORY EDU (Bayard G. Bell)
Date: Fri, 16 Jul 1999 11:43:15 -0400
I sent this bug report to NAI on 6/28/99. I haven't received any thanks, let alone been told of a patch. I hope this post will shame them into addressing a problem that has been reported with a complete diagnosis of the problem. I apologize that all of the lists to which I am posting are not quite the right forums, but disclosure to public forums that care about such issues seems to be the only recourse when a vendor won't give you the time of day... -Bayard Bell Emory University Bayard wrote:
Dr. Solomon's Management Edition 1.51 installing Toolkit 7.96 for NetWare installs an update script with an incorrect conditional that will cause the NTOOLKIT.NLM for NetWare 3.1X to be installed on a NetWare 5 server. The version condition in the MEUP.CFG beginning in line PreInst6 of the [Toolkit Front End] section asks the system for the NetWare 4. If the version comes back as 4.X, then the script goes to the NetWare 4 section and renames NTK4.NLM NTOOLKIT.NLM. Otherwise, the script assumes that the system is running NetWare 3.1X and renames NTK3.NLM NTOOLKIT.NLM. Obviously this script does not allow for NetWare 5, which, because it is not reported to the script as NetWare 4.X, is assumed to be NetWare 3.1X. Loading the 3.1X NTOOLKIT promptly causes a critical error in the server, although the server does seem to recover. The version problem was confirmed by a checksum comparison.
[The version 3.1X then unloads itself, leaving you without virus protection. You can perform the installation manually, but I haven't gotten a manual install to work with the Management Edition console.]
Furthermore, it has been my experience that a NetWare 5 SP2A server loaded with all ManageWise 2.6 components (except InnocyLAN) and the ARCServeIT 6.61 agent will experience a critical error when a client attempts a read operation with the File Access Monitor. The server remains up but ceases to process client requests and will not down itself properly. No source of this error was determined at this time, although it has been my experience that the file access monitor does not work at all with NetWare 3.1X (the console locks up and the server does not process client requests). Please let me know if you are aware of a configuration issue or whether a fix is available. -Bayard Bell Emory University
<HR> <UL> <LI>text/x-vcard attachment: bbell01.vcf </UL>
Current thread:
- Re: ircd exploit in ircu based code (fwd) Andrea Cocito (Jul 14)
- linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Domingos Bruges (Jun 30)
- Re: linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Marcelo Roccasalva (Jul 21)
- Re: ircd exploit in ircu based code (fwd) Matt Hallacy (Jul 15)
- Re: ircd exploit in ircu based code (fwd) Andrea Cocito (Jul 16)
- Logic Error in Management Edition NetWare install script for Dr. Sololomon's Bayard G. Bell (Jul 16)
- AMaViS virus scanner for Linux - root exploit Chris McDonough (Jul 16)
- CERT Advisory CA-99.08 - cmsd Aleph One (Jul 16)
- Re: AMaViS virus scanner for Linux - root exploit Kurt Seifried (Jul 17)
- Re: AMaViS virus scanner for Linux - root exploit Ian Whalley (Jul 19)
- Swish-e Jean-Georges Estiot (Jul 17)
- Re: AMaViS virus scanner for Linux - root exploit Chris McDonough (Jul 18)
- Re: AMaViS virus scanner for Linux - root exploit Jim Hebert (Jul 19)
- tiger vulnerability Ellen L Mitchell (Jul 20)
- iplogger Ymas problem Salvatore Sanfilippo -antirez- (Jul 18)
- Re: AMaViS virus scanner for Linux - root exploit Christian Bricart (Jul 19)
- linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Domingos Bruges (Jun 30)