[11055] in bugtraq
Logic Error in Management Edition NetWare install script for Dr.
daemon@ATHENA.MIT.EDU (Bayard G. Bell)
Sat Jul 17 03:21:55 1999
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------581D6CD46C562FCE585900AD"
Message-Id: <378F5313.DFA5A528@emory.edu>
Date: Fri, 16 Jul 1999 11:43:15 -0400
Reply-To: bbell01@emory.edu
From: "Bayard G. Bell" <bbell01@EMORY.EDU>
X-To: BUGTRAQ@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
--------------581D6CD46C562FCE585900AD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
I sent this bug report to NAI on 6/28/99. I haven't received
any
thanks, let alone been told of a patch. I hope this post will shame
them into addressing a problem that has been reported with a complete
diagnosis of the problem.
I apologize that all of the lists to which I am posting are not
quite
the right forums, but disclosure to public forums that care about such
issues seems to be the only recourse when a vendor won't give you the
time of day...
-Bayard Bell
Emory University
Bayard wrote:
>
> Dr. Solomon's Management Edition 1.51 installing Toolkit 7.96 for
> NetWare installs an update script with an incorrect conditional that
> will cause the NTOOLKIT.NLM for NetWare 3.1X to be installed on a
> NetWare 5 server. The version condition in the MEUP.CFG beginning in
> line PreInst6 of the [Toolkit Front End] section asks the system for the
> NetWare 4. If the version comes back as 4.X, then the script goes to
> the NetWare 4 section and renames NTK4.NLM NTOOLKIT.NLM. Otherwise, the
> script assumes that the system is running NetWare 3.1X and renames
> NTK3.NLM NTOOLKIT.NLM. Obviously this script does not allow for NetWare
> 5, which, because it is not reported to the script as NetWare 4.X, is
> assumed to be NetWare 3.1X. Loading the 3.1X NTOOLKIT promptly causes a
> critical error in the server, although the server does seem to recover.
> The version problem was confirmed by a checksum comparison.
[The version 3.1X then unloads itself, leaving you without virus
protection. You can perform the installation manually, but I haven't
gotten a manual install to work with the Management Edition console.]
> Furthermore, it has been my experience that a NetWare 5 SP2A server
> loaded with all ManageWise 2.6 components (except InnocyLAN) and the
> ARCServeIT 6.61 agent will experience a critical error when a client
> attempts a read operation with the File Access Monitor. The server
> remains up but ceases to process client requests and will not down
> itself properly. No source of this error was determined at this time,
> although it has been my experience that the file access monitor does not
> work at all with NetWare 3.1X (the console locks up and the server does
> not process client requests).
> Please let me know if you are aware of a configuration issue or whether
> a fix is available.
>
> -Bayard Bell
> Emory University
--------------581D6CD46C562FCE585900AD
Content-Type: text/x-vcard; charset=us-ascii;
name="bbell01.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Bayard G. Bell
Content-Disposition: attachment;
filename="bbell01.vcf"
begin:vcard
n:Bell;Bayard
tel;fax:(404) 727-0079
tel;work:(404) 727-7157
x-mozilla-html:FALSE
org:Emory University;Division of Campus Life
version:2.1
email;internet:bbell01@emory.edu
title:Local Support/MIS
adr;quoted-printable:;;Drawer DDD=0D=0A605 Asbury Circle;Atlanta;Georgia;30322;
x-mozilla-cpt:;-2912
fn:Bayard Bell
end:vcard
--------------581D6CD46C562FCE585900AD--
