-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===============================================================================
>>                                                      CERT-NL, 01-Mar-2000 <<
>> All CERT-NL information has been moved to http://cert.surfnet.nl.  Links  <<
>> to CERT-NL information contained in this advisory are therefore outdated. <<
>>                                                                           <<
>> CERT-NL also has stopped the CERT-CC-Mirror service.  Due to this the     <<
>> links to the CERT-CC mirror are obsolete. Visit the CERT-CC site for the  <<
>> complete CERT-CC advisory texts:                     http://www.cert.org  <<
===============================================================================
===============================================================================
Security Advisory                                                       CERT-NL
===============================================================================
Author/Source : CERT-NL (Teun Nijssen)                     Index  :    S-93-18
Distribution  : World                                      Page   :          1
Classification: External                                   Version:      Final
Subject       : Netware 4.x LOGIN.EXE vulnerability        Date   :  16-Sep-93
==============================================================================


CERT-NL has received information concerning a vulnerability in Novell's 
Netware 4.x LOGIN.EXE
The following text is taken verbatim from the advisory of CERT-CC, one
of CERT-NL's sister organisations in the USA.


===========================================================================
CA-93:12                        CERT Advisory
                              September 16, 1993
                        Novell LOGIN.EXE Vulnerability

- ---------------------------------------------------------------------------

The CERT Coordination Center has received information concerning a security
vulnerability in Novell's NetWare 4.x login program (LOGIN.EXE). This
vulnerability affects NetWare 4.0 and 4.01. It does not affect NetWare 2.x,
NetWare 3.x, or Netware for UNIX.

Novell is making available a security enhancement to the login program for
NetWare 4.x. CERT strongly recommends that sites using of Novell NetWare 4.X
replace their current LOGIN.EXE program on all affected systems with this
security-enhanced version as soon as possible.

- ---------------------------------------------------------------------------
I.   Description:

     A security vulnerability exists in LOGIN.EXE in Novell NetWare 4.X.
     In some environments, a user's name and password may be temporarily 
     written to disk.

II.  Impact:

     User accounts may be readily compromised.

III. Solution:
    
     NetWare 4.x sites should obtain and install on all affected systems 
     the security-enhanced LOGIN.EXE program. CERT strongly recommends that 
     sites replace their current LOGIN.EXE with the security-enhanced version 
     as soon as possible.  

     This new file is available via anonymous FTP from first.org. The files 
     are located in:

     Filename                        Size     Checksum
     --------                        ------   -----------------------------
     /pub/software/seclog.exe        166276   00193 163 (Standard UNIX Sum)
                                              58886 325 (System V Sum)

     This file is also available at no charge through NetWare resellers, 
     on NetWire in library 14 of the NOVLIB forum, or by calling 
     +1-800-NETWARE.  NetWare customers outside the U.S. may call 
     Novell at +1-303-339-7027 or +31-55-384279 or may fax a request for 
     SECLOG.EXE v4.02 to Novell at +1-303-330-7655 or +31-55-434455. Fax 
     requests should include company name, contact name, postal address, 
     and phone number.

     The distribution SECLOG.EXE is a self-extracting archive that  
     contains a patched file and a text file of installation instructions. 
     The patch file (LOGIN.EXE) and the text file (SECLOG.TXT) are created 
     by executing the distribution file SECLOG.EXE. After extracting the 
     files, the dir command should produce the following output:

         SECLOG   EXE  166276    xx-xx-xx   xx:xxx
         LOGIN    EXE  354859    08-25-93   11:43a
         SECLOG   TXT    5299    09-02-93   11:16a

     Note that the date and time shown for SECLOG.EXE will reflect when 
     this file was created on your system.

     To install the patch, follow the directions contained in the text file
     SECLOG.TXT.

     After installing the patch, sites should instruct all users to change 
     their passwords.

- ---------------------------------------------------------------------------
The CERT Coordination Center would like to thank Karyn Pichnarczyk and
the contribution of CIAC to this advisory. We would also like to
acknowledge Richard Colby of Chem Nuclear Geotech, Inc., for reporting
this vulnerability to CIAC, and Novell for their efforts in the
resolution of this vulnerability.
- ---------------------------------------------------------------------------

CERT-NL thanks CIAC for sharing this information with its FIRST partners
and advises its constituency to follow the CERT-CC guidelines in this
advisory.

==============================================================================
CERT-NL is the Computer Emergency Response Team for SURFnet customers. SURFnet
is the Dutch network for educational, research and related institutes. CERT-NL
is a member of the Forum of Incident Response and Security Teams (FIRST).

All CERT-NL material is available under:
  http://cert.surfnet.nl/

In case of computer or network security problems please contact your local
CERT/security-team or CERT-NL  (if your institute is NOT a SURFnet customer
please address the appropriate (local) CERT/security-team).

CERT-NL is one/two hour(s) ahead of UTC (GMT) in winter/summer,
i.e. UTC+0100 in winter and UTC+0200 in summer (DST).

   Email:     cert-nl@surfnet.nl     ATTENDED REGULARLY ALL DAYS
   Phone:     +31 302 305 305        BUSINESS HOURS ONLY
   Fax:       +31 302 305 329        BUSINESS HOURS ONLY
   Snailmail: SURFnet bv
              Attn. CERT-NL
              P.O. Box 19035
              NL - 3501 DA  UTRECHT
              The Netherlands

NOODGEVALLEN:    06 22 92 35 64      ALTIJD BEREIKBAAR
EMERGENCIES : +31 6 22 92 35 64      ATTENDED AT ALL TIMES
CERT-NL'S EMERGENCY PHONENUMBER IS ONLY TO BE USED IN CASE OF EMERGENCIES:
THE SURFNET HELPDESK OPERATING THE EMERGENCY NUMBER HAS A *FIXED*
PROCEDURE FOR DEALING WITH YOUR ALERT AND WILL IN REGULAR CASES RELAY IT
TO CERT-NL IN AN APPROPRIATE MANNER. CERT-NL WILL THEN CONTACT YOU.
===============================================================================

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1i

iQA/AwUBOL6WCDSYjBqwfc9jEQLxOACg8zPbjlOeim9aXrdSyJvwzDxjKYIAoL7n
4SCwvaT5DSxOgktsHTCJSKSn
=RISw
-----END PGP SIGNATURE-----