|
|
|
|
| |
| Due to inappropriate permissions users are able to log into expired-password accounts from the Remote Manager. |
| |
Credit:
The information has been provided by Ed Reed.
|
| |
Vulnerable systems:
* Netware 5.1 eDir version 85.x
See detailed instructions in the referenced Technical Information Document (TID) http://support.novell.com/servlet/tidfinder/2963827.
eDirectory update for NetWare 5.1 servers running with the eDirectory 85.x database.
Your server must already be running eDirectory 85.x in order to use this update.
Files changed since the last public release:
* DS.NLM (v 85.30)
* DSREPAIR.NLM (v 85.20)
* NLDAP.NLM (v 85.24)
Do not install on a NetWare 4.x or 6.x server.
Do not install on a NDS 6.x, 7.x, 8.x, 86.x or 87.x servers
Installation Instructions:
Novell recommends applying NetWare 5.1 SP5 or higher before applying this patch.
This patch MAY work on earlier NetWare 5.1 support pack releases, however, as stated above no testing has been performed on these. The earliest support pack supported in conjunction with this patch is SP4.
Please note: You must have previously installed or upgraded to the full install of eDirectory 8.5.1 (International Version) - DS.NLM 85.12a found in the product file EDIR851.EXE. This patch should not be applied to the first shipping version, 85.01r. This patch MAY work on other support pack releases, however, be aware that Novell did not test this patch with past releases.
This repair will add languageid schema extensions to your server. To prevent any 603 errors it is recommended that this repair be first run on a Read-Write or Master of root.
Do not try to apply on NDS 6.x, 7.x, 8.x, 86.x, 87.x or NetWare 4.x/6.x servers.
APPLY THE LATEST SUPPORT PACK FOR YOUR VERSION OF 5.X NETWARE SERVER -
UPGRADE TO NDS 85.x USING THE FULL INTERNATIONAL VERSION THEN APPLY
THIS PATCH.
******** NOTE ********
THERE IS NO DOWNGRADE PATH FROM THIS VERSION!!! (Prior to eDirectory 85.12d)
******** NOTE ********
As with all patches, take standard precautionary disaster recovery steps. This includes loading DSREPAIR -RC which will create a file called SYS:\SYSTEM\DSR_DIB\00000000.$DU. This file contains a backup of the Directory Services database. Copy this file off to a different location so that it is not overwritten by a subsequent "dsrepair -rc".
1. Copy the patch (FDS8530.EXE) to a directory on the server being patched. (ie SYS:\PATCHES)
2. From a workstation, run the executable.
3. Install the minimum recommended support pack, NW 5.1 SP5, if it is not yet installed. NW 5.1 SP5 is the recommended and tested support pack for the NetWare 5.1 platform. Also apply the full install of eDirectory 8.5.1 (85.12a) edir851.exe available from http://support.novell.com if at version 85.01r (Original shipping version). (Please note that at the time of this TID eDirectory 85.x has been discontinued. This patch is only for those customers already running 85.x on their servers and wish to have the latest code).
4. Run NWCONFIG.NLM from the server console prompt.
5. Go to Product Options
6. Go to install a product not listed
7. Hit F3 to specify a different path
8. Specify the path were the patch was extracted (i.e. SYS:\PATCHES). NOTE: You are looking for the directory where the DS8.IPS file is located.
9. Press ENTER and follow the prompts. During the installation, the server's schema will be extended.
(Refer to the Issue section for more information.)
10. After the installation, you must RESET the server in order for the new version of DSLOADER.NLM to load. Either completely down (using the DOWN command) the server and bring it back up or at the console prompt type RESET SERVER and allow the server to reboot.
11. You should then observe that DS v85.30 loads on the server.
** NOTE 1 ** A backup of the original files will be located at SYS:SYSTEM\OLDDS for disaster recovery.
** NOTE 2 ** To restore the original static memory settings (not recommended, performance degradation my occur), the file SYS:SYSTEM\OLDDS\_NDSDB.INI can be edited from any text editor. Take note of the information in the file. These are your old settings. Re-apply the settings by executing a "set dstrace=!m[values]" (see DS documentation on specific context)
Issue:
Changes made in DS.NLM v85.30:
(Supersedes 85.29)
- Potential security issue resolved
Changes made in DS.NLM v85.29:
(Supersedes 85.28)
- QOS delay is not working when client is storming server with bindery requests
Changes made in DS.NLM v85.28:
(Supersedes 85.27c)
- Generate key pair function added
- Quote marks in RDN are added each time an entry is moved
- LDAP search on high valued entry returns incomplete data
- Writing streams to 4.x servers via dclient abends server
Last public release:DS.NLM v85.27c:
(Contained in eDir8527.exe - superceded DS8520c.exe)
*******************************************************************************
Changes made in DSREPAIR.NLM v85.20:
Supercedes 85.19
- DSRepair is attempting to repair clustered servers addresses
Changes made in DSREPAIR.NLM v85.19:
Supercedes 85.18
- Generate key pair being called and adding private key to server object
- Inconsistent transitive vector errors in dsrepair log and error count
(Contained in eDir8527.exe - superceded DS8520c.exe)
*******************************************************************************
Changes made in NLDAP.NLM v85.24:
Supercedes 85.23
(Contained in eDir8527.exe - superceded DS8520c.exe)
- Ldap_compare on password generates -255 error for incorrect password
- Extra characters inserted when the LDIF file contains hexadecimal data
File Contents:
Self-Extracting File Name: fds8530.exe
Files Included Size Date Time Version Checksum
\
APPEND.NLM 965 09-29-1998 02:26PM
DS8.IPS 1689 08-26-2002 03:09PM
FDS8530.TXT 7939 10-15-2002 07:08PM
ICMD.MSG 7331 08-24-2000 07:05AM
ICMD.NLM 32901 08-24-2000 07:06AM
ISDOS.NLM 1148 02-19-1998 04:42PM
\INSTALL\4
DS85.ILS 7878 09-30-2002 05:51PM
SCHEMA.ILS 660 10-01-2002 11:16AM
SHUTDOWN.ILS 598 07-31-2002 05:24PM
STARTUP.ILS 1832 10-01-2002 11:16AM
\STARTUP
DSLOADER.NLM 21479 04-04-2002 03:19PM
\SYS\SYSTEM
DS.NLM 1432884 09-20-2002 03:13PM
DSBROWSE.NLM 433543 02-13-2001 01:11PM
DSI.NLM 111715 08-03-2001 02:02PM
DSMERGE.NLM 120648 04-22-2002 11:39AM
DSREPAIR.NLM 293632 08-20-2002 03:02PM
DSTRACE.NLM 28644 01-29-2002 12:50AM
NLDAP.NLM 245634 06-19-2002 11:15PM
\SYS\SYSTEM\nls\4
DSREPAIR.HLP 57583 06-04-2002 09:47PM
DSREPAIR.MSG 81807 06-06-2002 11:29PM
NLDAP.MSG 11220 07-31-2001 11:38AM
\SYS\SYSTEM\SCHEMA
8527C.SCH 349 05-21-2001 09:42AM
NDS500.SCH 26622 09-19-2001 03:44PM
|
|
|
|
|
|
|
|
|
|
