Vulnerability
NAI (Dr. Solomon's Management Edition)
Affected
Dr. Solomon's Management Edition 1.51
Description
Bayard Bell found following. Dr. Solomon's Management Edition
1.51 installing Toolkit 7.96 for NetWare installs an update script
with an incorrect conditional that will cause the NTOOLKIT.NLM
for NetWare 3.1X to be installed on a NetWare 5 server. The
version condition in the MEUP.CFG beginning in line PreInst6 of
the [Toolkit Front End] section asks the system for the NetWare
4. If the version comes back as 4.X, then the script goes to the
NetWare 4 section and renames NTK4.NLM NTOOLKIT.NLM. Otherwise,
the script assumes that the system is running NetWare 3.1X and
renames NTK3.NLM NTOOLKIT.NLM. Obviously this script does not
allow for NetWare 5, which, because it is not reported to the
script as NetWare 4.X, is assumed to be NetWare 3.1X. Loading
the 3.1X NTOOLKIT promptly causes a critical error in the server,
although the server does seem to recover. The version problem
was confirmed by a checksum comparison. The version 3.1X then
unloads itself, leaving you without virus protection. You can
perform the installation manually, but Bayard hasn't gotten a
manual install to work with the Management Edition console.
Furthermore, it has been experience that a NetWare 5 SP2A server
loaded with all ManageWise 2.6 components (except InnocyLAN) and
the ARCServeIT 6.61 agent will experience a critical error when a
client attempts a read operation with the File Access Monitor.
The server remains up but ceases to process client requests and
will not down itself properly. No source of this error was
determined at this time, although it has been my experience that
the file access monitor does not work at all with NetWare 3.1X
(the console locks up and the server does not process client
requests).
Solution
Nothing yet.
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
