Bugtraq mailing list archives
Logic Error in Management Edition NetWare install script for Dr. Sololomon's
From: bbell01 () EMORY EDU (Bayard G. Bell)
Date: Fri, 16 Jul 1999 11:43:15 -0400
I sent this bug report to NAI on 6/28/99. I haven't received
any
thanks, let alone been told of a patch. I hope this post will shame
them into addressing a problem that has been reported with a complete
diagnosis of the problem.
I apologize that all of the lists to which I am posting are not
quite
the right forums, but disclosure to public forums that care about such
issues seems to be the only recourse when a vendor won't give you the
time of day...
-Bayard Bell
Emory University
Bayard wrote:
Dr. Solomon's Management Edition 1.51 installing Toolkit 7.96 for
NetWare installs an update script with an incorrect conditional that
will cause the NTOOLKIT.NLM for NetWare 3.1X to be installed on a
NetWare 5 server. The version condition in the MEUP.CFG beginning in
line PreInst6 of the [Toolkit Front End] section asks the system for the
NetWare 4. If the version comes back as 4.X, then the script goes to
the NetWare 4 section and renames NTK4.NLM NTOOLKIT.NLM. Otherwise, the
script assumes that the system is running NetWare 3.1X and renames
NTK3.NLM NTOOLKIT.NLM. Obviously this script does not allow for NetWare
5, which, because it is not reported to the script as NetWare 4.X, is
assumed to be NetWare 3.1X. Loading the 3.1X NTOOLKIT promptly causes a
critical error in the server, although the server does seem to recover.
The version problem was confirmed by a checksum comparison.
[The version 3.1X then unloads itself, leaving you without virus protection. You can perform the installation manually, but I haven't gotten a manual install to work with the Management Edition console.]
Furthermore, it has been my experience that a NetWare 5 SP2A server
loaded with all ManageWise 2.6 components (except InnocyLAN) and the
ARCServeIT 6.61 agent will experience a critical error when a client
attempts a read operation with the File Access Monitor. The server
remains up but ceases to process client requests and will not down
itself properly. No source of this error was determined at this time,
although it has been my experience that the file access monitor does not
work at all with NetWare 3.1X (the console locks up and the server does
not process client requests).
Please let me know if you are aware of a configuration issue or whether
a fix is available.
-Bayard Bell
Emory University
<HR> <UL> <LI>text/x-vcard attachment: bbell01.vcf </UL>
Current thread:
- Re: ircd exploit in ircu based code (fwd) Andrea Cocito (Jul 14)
- linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Domingos Bruges (Jun 30)
- Re: linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Marcelo Roccasalva (Jul 21)
- Re: ircd exploit in ircu based code (fwd) Matt Hallacy (Jul 15)
- Re: ircd exploit in ircu based code (fwd) Andrea Cocito (Jul 16)
- Logic Error in Management Edition NetWare install script for Dr. Sololomon's Bayard G. Bell (Jul 16)
- AMaViS virus scanner for Linux - root exploit Chris McDonough (Jul 16)
- CERT Advisory CA-99.08 - cmsd Aleph One (Jul 16)
- Re: AMaViS virus scanner for Linux - root exploit Kurt Seifried (Jul 17)
- Re: AMaViS virus scanner for Linux - root exploit Ian Whalley (Jul 19)
- Swish-e Jean-Georges Estiot (Jul 17)
- Re: AMaViS virus scanner for Linux - root exploit Chris McDonough (Jul 18)
- Re: AMaViS virus scanner for Linux - root exploit Jim Hebert (Jul 19)
- tiger vulnerability Ellen L Mitchell (Jul 20)
- iplogger Ymas problem Salvatore Sanfilippo -antirez- (Jul 18)
- Re: AMaViS virus scanner for Linux - root exploit Christian Bricart (Jul 19)
- linuxconf doesn't seem to deal correctly with /etc/pam.d/reboot Domingos Bruges (Jun 30)