[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Novell LOGIN.EXE Vulnerability

Title: Novell LOGIN.EXE Vulnerability
Released by: CERT
Date: 16th September 1993
Printable version: Click here

Hash: SHA1



Last Revised: September 19,1997

                Attached copyright statement


                                CERT Advisory

                              September 16, 1993

                        Novell LOGIN.EXE Vulnerability

- ---------------------------------------------------------------------------

The CERT Coordination Center has received information concerning a security

vulnerability in Novell's NetWare 4.x login program (LOGIN.EXE). This

vulnerability affects NetWare 4.0 and 4.01. It does not affect NetWare 2.x,

NetWare 3.x, or Netware for UNIX.

Novell is making available a security enhancement to the login program for

NetWare 4.x. CERT strongly recommends that sites using of Novell NetWare 4.X

replace their current LOGIN.EXE program on all affected systems with this

security-enhanced version as soon as possible.

- ---------------------------------------------------------------------------

I.   Description:

     A security vulnerability exists in LOGIN.EXE in Novell NetWare 4.X.

     In some environments, a user's name and password may be temporarily 

     written to disk.

II.  Impact:

     User accounts may be readily compromised.

III. Solution:


     NetWare 4.x sites should obtain and install on all affected systems 

     the security-enhanced LOGIN.EXE program. CERT strongly recommends that 

     sites replace their current LOGIN.EXE with the security-enhanced version 

     as soon as possible.  

     This new file is available via anonymous FTP from first.org. The files 

     are located in:

     Filename                        Size     Checksum

     --------                        ------   -----------------------------

     /pub/software/seclog.exe        166276   00193 163 (Standard UNIX Sum)

                                              58886 325 (System V Sum)

     This file is also available at no charge through NetWare resellers, 

     on NetWire in library 14 of the NOVLIB forum, or by calling 

     +1-800-NETWARE.  NetWare customers outside the U.S. may call 

     Novell at +1-303-339-7027 or +31-55-384279 or may fax a request for 

     SECLOG.EXE v4.02 to Novell at +1-303-330-7655 or +31-55-434455. Fax 

     requests should include company name, contact name, postal address, 

     and phone number.

     The distribution SECLOG.EXE is a self-extracting archive that  

     contains a patched file and a text file of installation instructions. 

     The patch file (LOGIN.EXE) and the text file (SECLOG.TXT) are created 

     by executing the distribution file SECLOG.EXE. After extracting the 

     files, the dir command should produce the following output:

         SECLOG   EXE  166276    xx-xx-xx   xx:xxx

         LOGIN    EXE  354859    08-25-93   11:43a

         SECLOG   TXT    5299    09-02-93   11:16a

     Note that the date and time shown for SECLOG.EXE will reflect when 

     this file was created on your system.

     To install the patch, follow the directions contained in the text file


     After installing the patch, sites should instruct all users to change 

     their passwords.

- ---------------------------------------------------------------------------

The CERT Coordination Center would like to thank Karyn Pichnarczyk and

the contribution of CIAC to this advisory. We would also like to

acknowledge Richard Colby of Chem Nuclear Geotech, Inc., for reporting

this vulnerability to CIAC, and Novell for their efforts in the

resolution of this vulnerability.

- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT

Coordination Center or your representative in FIRST (Forum of Incident

Response and Security Teams).

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT personnel answer 8:30 a.m.-5:00 p.m. EST(GMT-5)/EDT(GMT-4),

           and are on call for emergencies during other hours.

CERT Coordination Center

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other

information related to computer security are available for anonymous FTP

from cert.org (

- ------------------------------------------------------------------------------

Copyright 1993 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History:

September 19,1997  Attached Copyright Statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.