Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: nai03.htm

Dr. Solomon's Management Edition 1.51 update script exploitable bug



Vulnerability

    NAI (Dr. Solomon's Management Edition)

Affected

    Dr. Solomon's Management Edition 1.51

Description

    Bayard Bell  found following.   Dr. Solomon's  Management  Edition
    1.51 installing Toolkit 7.96 for NetWare installs an update script
    with an  incorrect conditional  that will  cause the  NTOOLKIT.NLM
    for NetWare  3.1X to  be installed  on a  NetWare 5  server.   The
    version condition in  the MEUP.CFG beginning  in line PreInst6  of
    the [Toolkit Front  End] section asks  the system for  the NetWare
    4.  If the version comes back as 4.X, then the script goes to  the
    NetWare 4 section and  renames NTK4.NLM NTOOLKIT.NLM.   Otherwise,
    the script  assumes that  the system  is running  NetWare 3.1X and
    renames NTK3.NLM  NTOOLKIT.NLM.   Obviously this  script does  not
    allow for  NetWare 5,  which, because  it is  not reported  to the
    script as  NetWare 4.X,  is assumed  to be  NetWare 3.1X.  Loading
    the 3.1X NTOOLKIT promptly causes a critical error in the  server,
    although the  server does  seem to  recover.   The version problem
    was confirmed  by a  checksum comparison.   The version  3.1X then
    unloads itself,  leaving you  without virus  protection.   You can
    perform  the  installation  manually,  but  Bayard hasn't gotten a
    manual install to work with the Management Edition console.

    Furthermore, it has been experience  that a NetWare 5 SP2A  server
    loaded with all ManageWise  2.6 components (except InnocyLAN)  and
    the ARCServeIT 6.61 agent will experience a critical error when  a
    client attempts  a read  operation with  the File  Access Monitor.
    The server remains  up but ceases  to process client  requests and
    will  not  down  itself  properly.   No  source  of this error was
    determined at this time, although  it has been my experience  that
    the file  access monitor  does not  work at  all with NetWare 3.1X
    (the  console  locks  up  and  the  server does not process client
    requests).

Solution

    Nothing yet.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH