NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack

[Ed Reed <ereed () novell com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For Immediate Disclosure

============================== Summary ==============================

 Security Alert: NOVL-2002-2963081
          Title: Novell iManager (eMFrame 1.2.1) DoS Attack
           Date: 12 Aug 2002
       Revision: 1
   Product Name: Novell iManager
 OS/Platform(s): Netware
  Reference URL: http://support.novell.com/servlet/tidfinder/2963081
    Vendor Name: Novell, Inc. 
     Vendor URL: http://www.novell.com
Security Alerts: http://support.novell.com/security-alerts 
        Affects: eMFrame.jar, FwResources.properties files with 
                 modification dates previous to 16 July 2002
    Identifiers: Novell TID 2963081, BugTraq:279683
        Credits: Surreal: Cluestick Advisory #001

============================ Description ============================

This patch prevents eMFrame from shutting down prematurely caused by
the input of a userid longer than 256 characters while authenticating
into iManager. 

This patch must be applied on an existing eMFrame v 1.2.1
installation.

============================== Impact ===============================

The maximum length for the attribute DN in eDirectory 8.6 and above
is 256 characters. While authenticating into eMFrame, if a DN with
more than 256 characters are passed in by the user, eMFrame will
terminate. 

With the above fixes, when DN is greater than 256 characters, a
Denial of Service error is generated an eMFrame does not shut down. 

======================== Recommended Actions ========================

To verify whether or not this patch needs to be applied, perform the
following: 

NOTE: The steps below refer to a "webapps" directory which is a
relative directory. By default, when TomCat is installed on Netware,
the "webapps" directory is located directly underneath the volume
SYS: (i.e. SYS:\webapps\eMFrame\WEB-INF\lib\). However, webapps could
be located elsewhere, depending on the choices made by the
administration on initial installation. With Microsoft Windows
NT/Windows 2000, you can go to a command prompt and type "set". This
should display a path statement. In the path statement, there should
be a directory "TomCat". The "webapps" directory should be located
underneath the "TomCat" directory. 

1. Go to the following file:
..\webapps\eMFrame\WEB-INF\lib\eMFrame.jar 

2. Check the modified date on the file. If it is previous to July
16th, 2002, this patch must be applied. 

3. Go to the following file:
..\webapps\eMFrame\WEB-INF\classes\templates\FwResources.properties 

4. Check the modified date on the file. If it is previsous to July
16th, 2002, this patch must be applied. 
If the above files are older, apply this patch by copying the
eMFrame.jar and FwResources.properties from this file to the server
running eMFrame. 

Perform the following tasks: 

1. Go to the following directory:
..\webapps\eMFrame\WEB-INF\lib\ 

2. Copy the eMFrame.jar file located in this patch to the above
directory listed in step 1. 

3. Go to the following directory:
..\webapps\eMFrame\WEB-INF\classes\templates 

4. Copy the FwResources.properties file located in this patch to the
above directory listed in step 3.

============================ DISCLAIMER =============================

The content of this document is believed to be accurate at the time
of publishing based on currently available information. However, the
information is provided "AS IS" without any warranty or
representation. Your use of the document constitutes acceptance of
this disclaimer. Novell disclaims all warranties, express or implied,
regarding this document, including the warranties of merchantability
and fitness for a particular purpose. Novell is not liable for any
direct, indirect, or consequential loss or damage arising from use
of, or reliance on, this document or any security alert, even if
Novell has been advised of the possibility of such damages and even
if such damages are foreseeable.

============================ Appendices =============================

None

================ Contacting Novell Security Alerts ==================

To report suspected security vulnerabilities in Novell products, send
email to
            secure () novell com

PGP users may send signed/encrypted information to us using our PGP
key, available from the pgpkeys.mit.edu server, or our website at: 

            http://support.novell.com/security-alerts


Security Alerts, Novell, Inc. PGP Key Fingerprint:

F5AE 9265 0A34 F84E 580E  9B87 3AC1 1974 DE05 0FDB

========================= Revision History ==========================
       Original:  7 Aug 2002 - TID Publication
           This: 12 Aug 2002 - Security Alert published

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBPVgW8DrBGXTeBQ/bEQIs4gCfZUnCjM5YnfsmDtK6sHEYImHagRkAn06X
l4frxLtZ7Z07JxXdm1yw4+Ao
=iXnB
-----END PGP SIGNATURE-----