NOVELL TECHNICAL INFORMATION DOCUMENT

TITLE: HTTPSTK Vulnerability Fix
TID #: 2962026
README FOR: httpstk1.exe

NOVELL PRODUCTS and VERSIONS:
NetWare 5.1
NetWare 6

ABSTRACT:
Novell has addressed a vulnerability issue related to httpstk.nlm for NetWare 5.1 and NetWare 6 customers. If the version of httpstk.nlm is dated before April 4, 2002, this fix is required to correct the problem.

-----------------------------------------------------------------
DISCLAIMER
THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO NOVELL. NOVELL MAKES ALL REASONABLE EFFORTS TO VERIFY THIS INFORMATION. HOWEVER, THE INFORMATION PROVIDED IN THIS DOCUMENT IS FOR YOUR INFORMATION ONLY. NOVELL MAKES NO EXPLICIT OR IMPLIED CLAIMS TO THE VALIDITY OF THIS INFORMATION.
-----------------------------------------------------------------

INSTALLATION INSTRUCTIONS:

NetWare 5.1: Novell recommends that customers have Support Pack 3 installed on their servers prior to the installation of this fix.

NetWare 6: This fix can be applied to a NetWare 6 server either with or without Support Pack 1 installed.

Method #1: Use NWCONFIG.NLM and install the patch automatically.
Method #2: Manually copy the files to the server.

INSTRUCTIONS:

Method #1

1. Run HTTPSTK1.EXE, unzipping the files into a directory.
2. If the directory where the files were extracted is not located on the server to be updated, copy that directory structure to the server to be updated.
3. Load NWCONFIG.NLM on the server to be updated.
4. On the main menu of NWCONFIG.NLM, select "Product Options". This will display a new menu. On this new menu, select "Install a product not listed" and then press .
5. Follow the on-screen prompts to select the location of the directory where the patch was extracted on the server.
6. Press to start the file copy procedure.

Method #2

1. Flag the older version of httpstk.nlm appropriately so that it can be overwritten with the new version of httpstk.nlm. This file is located on the server's SYS: volume in the system directory.
2. Copy the newer version of httpstk.nlm to the server's SYS:system directory.
3. Flag the file to be RO SH.

After the installation of the file is complete, the new code can be enabled either manually or automatically.

The manual method requires knowledge of the command line switches httpstk.nlm uses on loading. These switches are found in the autoexec.ncf file (in the SYS:system directory). Unload portal.nlm and httpstk.nlm, and then reload httpstk.nlm (with the correct switches) and portal.nlm. This will re-enable Novell Remote Manager with the new code.

The automatic method of enabling the code is a server reboot. Once the NLM has been copied into the SYS:system directory, the server will automatically use it (if asked to) when booting.

***** Note that the internal date displayed using the modules list on the server may not match the date of the actual physical file. This behavior is normal and does not indicate a problem.

ISSUE:

iXSecurity.com found and notified Novell of a vulnerability issue with the httpstk.nlm module that runs on NetWare 5.1 and NetWare 6. Httpstk.nlm is part of the code used to allow the functionality of remote management through NetWare's Remote Manager (NRM). While using the Remote Manager, and under specific circumstances, a buffer overflow condition can occur which will cause the NetWare server to abend. This patch addresses the abend condition.

NetWare 5.1 and NetWare 6 include NetWare Remote Manager by default.

NetWare 5.1 Support Pack 5 will include this new version of httpstk.nlm.
NetWare 6 Support Pack 2 will include this new version of httpstk.nlm.

Self-Extracting File Name: httpstk1.exe

Files Included        Size     Date        Time

..\
   HTTPSTK1.TXT       (This file)
   HTTPSTK.IPS        3852     4-5-2002    2:49:26 pm
..W51\
   HTTPSTK.NLM        75298    4-4-2002    4:32:10 pm
..W6\
   HTTPSTK.NLM        80339    4-5-2002    2:11:50 pm

-----------------------------------------------------------------
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
-----------------------------------------------------------------
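To find servers that still need this fix, the sizes and dates in the file table above can be checked against each installed httpstk.nlm. The following is an added example, not part of the Novell README or the patch; it assumes each server's SYS: volume (or a backup of it) is reachable as a local directory, and the names classify and audit_tree are hypothetical.

```python
"""Audit httpstk.nlm copies against the file table in TID 2962026."""
import os
import sys
from datetime import date

# (size in bytes, file date) pairs copied from the TID's "Files Included" table.
FIXED_BUILDS = {(75298, date(2002, 4, 4)), (80339, date(2002, 4, 5))}
FIX_DATE = date(2002, 4, 4)  # TID: versions dated before this need the fix


def classify(size, file_date):
    """Return 'matches-fix', 'needs-fix' or 'review' for one httpstk.nlm."""
    if (size, file_date) in FIXED_BUILDS:
        return "matches-fix"
    if file_date < FIX_DATE:
        return "needs-fix"
    # Dated on or after the fix but not a listed build: a later Support Pack
    # build, or a copy whose timestamp was reset. Size and date are not an
    # integrity check (the TID publishes no hashes), so a human should look.
    return "review"


def audit_tree(root):
    """Classify every httpstk.nlm below root (assumed local view of SYS:)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "httpstk.nlm":
                path = os.path.join(dirpath, name)
                st = os.stat(path)
                # Use the physical file's date; the TID warns that the date
                # shown in the server's modules list may differ from it.
                results[path] = classify(st.st_size,
                                         date.fromtimestamp(st.st_mtime))
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path, verdict in sorted(audit_tree(sys.argv[1]).items()):
            print(f"{verdict:12} {path}")
    else:
        # Constructed sample values, used when no directory is given.
        samples = [(75298, date(2002, 4, 4)), (74112, date(2001, 10, 2)),
                   (80339, date(2002, 6, 1))]
        for size, d in samples:
            print(f"{classify(size, d):12} {size} bytes, dated {d}")
```

A "review" verdict is expected on servers that received the fix through a later Support Pack, since those builds are not listed in this TID.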