|
CERT Advisory 93- 12
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Article 9 (1 more) in comp.security.announce (moderated):
From: CERT Advisory
Subject: CERT Advisory - Novell LOGIN.EXE Vulnerability
Date: 16 Sep 93 14:52:27 GMT
Distribution: inet
Organization: Computer Emergency Response Team : 412-268-7090
Lines: 96
===========================================================================
CA-93:12 CERT Advisory
September 16, 1993
Novell LOGIN.EXE Vulnerability
---------------------------------------------------------------------------
The CERT Coordination Center has received information concerning a security
vulnerability in Novell's NetWare 4.x login program (LOGIN.EXE). This
vulnerability affects NetWare 4.0 and 4.01. It does not affect NetWare 2.x,
NetWare 3.x, or Netware for UNIX.
Novell is making available a security enhancement to the login program for
NetWare 4.x. CERT strongly recommends that sites using of Novell NetWare 4.X
replace their current LOGIN.EXE program on all affected systems with this
security-enhanced version as soon as possible.
---------------------------------------------------------------------------
I. Description:
A security vulnerability exists in LOGIN.EXE in Novell NetWare 4.X.
In some environments, a user's name and password may be temporarily
written to disk.
II. Impact:
User accounts may be readily compromised.
III. Solution:
NetWare 4.x sites should obtain and install on all affected systems
the security-enhanced LOGIN.EXE program. CERT strongly recommends that
sites replace their current LOGIN.EXE with the security-enhanced version
as soon as possible.
This new file is available via anonymous FTP from first.org. The files
are located in:
Filename Size Checksum
-------- ------ -----------------------------
/pub/software/seclog.exe 166276 00193 163 (Standard UNIX Sum)
58886 325 (System V Sum)
This file is also available at no charge through NetWare resellers,
on NetWire in library 14 of the NOVLIB forum, or by calling
+1-800-NETWARE. NetWare customers outside the U.S. may call
Novell at +1-303-339-7027 or +31-55-384279 or may fax a request for
SECLOG.EXE v4.02 to Novell at +1-303-330-7655 or +31-55-434455. Fax
requests should include company name, contact name, postal address,
and phone number.
The distribution SECLOG.EXE is a self-extracting archive that
contains a patched file and a text file of installation instructions.
The patch file (LOGIN.EXE) and the text file (SECLOG.TXT) are created
by executing the distribution file SECLOG.EXE. After extracting the
files, the dir command should produce the following output:
SECLOG EXE 166276 xx-xx-xx xx:xxx
LOGIN EXE 354859 08-25-93 11:43a
SECLOG TXT 5299 09-02-93 11:16a
Note that the date and time shown for SECLOG.EXE will reflect when
this file was created on your system.
To install the patch, follow the directions contained in the text file
SECLOG.TXT.
After installing the patch, sites should instruct all users to change
their passwords.
---------------------------------------------------------------------------
The CERT Coordination Center would like to thank Karyn Pichnarczyk and
the contribution of CIAC to this advisory. We would also like to
acknowledge Richard Colby of Chem Nuclear Geotech, Inc., for reporting
this vulnerability to CIAC, and Novell for their efforts in the
resolution of this vulnerability.
---------------------------------------------------------------------------
If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in FIRST (Forum of Incident
Response and Security Teams).
Internet E-mail: [email protected]
Telephone: 412-268-7090 (24-hour hotline)
CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),
and are on call for emergencies during other hours.
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15213-3890
Past advisories, information about FIRST representatives, and other
information related to computer security are available for anonymous FTP
from cert.org (192.88.209.5).
|
|
