
              NOVELL TECHNICAL INFORMATION DOCUMENT

TITLE:              Security Patch for NetWare 286 v2.15
DOCUMENT ID:        TID000368
DOCUMENT REVISION:  A
DATE:               01JUL93
ALERT STATUS:       Yellow
INFORMATION TYPE:   Symptom Solution
README FOR:         SEC286.EXE

NOVELL PRODUCT and VERSION:
NetWare Pre 3.11 and 2.2

ABSTRACT:
The SEC286.EXE file addresses a potential security anomaly on NetWare v2.15
file servers.
_________________________________________________________________

DISCLAIMER
THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO NOVELL. 
NOVELL MAKES EVERY EFFORT WITHIN ITS MEANS TO VERIFY THIS INFORMATION. 
HOWEVER, THE INFORMATION PROVIDED IN THIS DOCUMENT IS FOR YOUR INFORMATION
ONLY.  NOVELL MAKES NO EXPLICIT OR IMPLIED CLAIMS TO THE VALIDITY OF THIS
INFORMATION.
_________________________________________________________________

Self-Extracting File Name:  SEC286.EXE

Files Included     Size     Date        Time

  SEC286.TXT          (This File)
  ZAPOBJ.EXE      28660    7-31-90      4:24p
PASSFIX2.FIX       2254    1-03-91     10:20a
PASFXE_1.FIX       3288    1-03-91     10:21a
PASSFIX1.FIX       3264    1-03-91     10:20a
PASFXE_2.FIX       2371    1-03-91     10:21a
 PASSFIX.FIX       5009    1-03-91     10:20a


A very rare security shortcoming has been identified by Novell.  It has
been fixed with this patch.  For most Novell customers who have intruder
detection set on - this security weakness will not pose a problem.  Novell
recommends that all customers turn intruder detection on and if the
customer has greater concerns for security, they should apply this
corrective patch.

This program fix should only be applied to released copies of 286 NetWare
version 2.15C.  Any previous or subsequent versions of 286 NetWare do not
have this problem, and should not have this program fix applied to them.

The manner in which you apply the program fix to your 286 NetWare 2.15c
installation depends upon the media in which the NetWare OS generation 
facility (NETGEN or ELSGEN) was received (3.5" or 5.25" diskettes), and
whether or not the OS is ELS-II NetWare.  A separate set of instructions is
given below for each case.

For those who generate their OS from floppies, all references to
subdirectories in these instructions should be interpreted as references to
diskettes whose labels have the specified name.  Also, if there is not
enough room for those who generate their OS from floppies to duplicate the
object file on the diskette specified, the new .OBJ files will need to be
created on the drive containing this program fix, then copied to a new
working copy of the diskette.

3.5" MEDIA, NOT ELS-II:

1.  In the ADOBJ, ANDOBJ, SFTOBJ, and TTSOBJ subdirectories, rename the
corresponding .OBJ files to have a .SAV extension.

2.  In each of these subdirectories, apply the program fix to the
newly-renamed .SAV file, creating a new .OBJ file.

For example, assume that the PASSFIX.FIX and the ZAPOBJ program reside on
floppy drive A:.  To apply the program fix to the SFT object file, execute
the following command while in the SFTOBJ subdirectory:

            A:ZAPOBJ SFT.SAV SFT.OBJ A:PASSFIX.FIX

You would then apply the program fix to object files in the ADOBJ, ANDOBJ,
and TTSOBJ subdirectories in the same manner.  If the ZAPOBJ program
indicates that errors were encountered in applying the program fix to any
of these files, call LANSWER for assistance.

3.  Using NETGEN, regenerate a new NET$OS.EXE file as you have always
done.

4.  If the OS works satisfactorily, you may delete the .SAV files that you
renamed in Step 1.  Otherwise, call NetWare support provider for
assistance.


5.25" MEDIA, NOT ELS-II:

1.  In the ADOBJ, ANDOBJ, SFTOBJ, and TTSOBJ subdirectories, rename the
corresponding .OBJ files to have a .SAV extension.  Also rename all .OBJ
files in the OSOBJ subdirectory to have a .SAV extension.

2.  In each of these subdirectories, apply the program fix to the
newly-renamed .SAV file, creating a new .OBJ file.  Apply the PASSFIX1.FIX
program fix directives to object files in the ADOBJ, ANDOBJ, SFTOBJ, and
TTSOBJ subdirectories, and the PASSFIX2.FIX directives to object files in
the OSOBJ subdirectory.

For example, assume that the PASSFIX1.FIX, PASSFIX2.FIX and ZAPOBJ.EXE
files reside on floppy drive A:.  To apply the program fix to the SFT
object files, you would execute the following commands from the directory
just above the SFTOBJ subdirectory:

            CD SFTOBJ
            A:ZAPOBJ SFT_1.SAV SFT_1.OBJ A:PASSFIX1.FIX
            CD ..\OSOBJ
            A:ZAPOBJ SFT_2.SAV SFT_2.OBJ A:PASSFIX2.FIX

You would then apply the program fix to object files in the ADOBJ, ANDOBJ,
and TTSOBJ subdirectories in the same manner, along with their counterparts
in the OSOBJ subdirectory.  If the ZAPOBJ program indicates that errors
were encountered in applying the program fix to any of these files, call
your NetWare support provider for assistance.

3.  Using NETGEN, regenerate new NET$OS executable file(s) as you have
always done.

4.  If the OS works satisfactorily, you may delete the .SAV files that you
renamed in Step 1.  Otherwise, call your NetWare support provider for
assistance.


3.5" MEDIA, ELS-II:

1.  In the EDOBJ-1 and ENDOBJ-1 subdirectories, rename the corresponding
.OBJ files to have a .SAV extension.

2.  In each of these subdirectories, apply the program fix to the
newly-renamed .SAV file, creating a new .OBJ file.

For example, assume that PASFXE_1.FIX, PASFXE_2.FIX, and the ZAPOBJ program
reside on floppy drive A:.  To apply the program fix to the dedicated ELS
object files, execute the following commands while in the EDOBJ-1
subdirectory:

            A:ZAPOBJ ELS2_1.SAV ELS2_1.OBJ A:PASFXE_1.FIX
            A:ZAPOBJ ELS2_2.SAV ELS2_2.OBJ A:PASFXE_2.FIX

You would then apply the program fix to object files in the ENDOBJ-1
subdirectory in the same manner.  If the ZAPOBJ program indicates that
errors were encountered in applying the program fix to any of these files,
call your NetWare support provider for assistance.

3.  Using ELSGEN, regenerate a new NET$OS.EXE file as you have always
done.

4.  If the OS works satisfactorily, you may delete the .SAV files that you
renamed in Step 1.  Otherwise, call your NetWare support provider for
assistance.


5.25" MEDIA, ELS-II:

1.  In the EDOBJ-1, EDOBJ-2, ENDOBJ-1, and ENDOBJ-2 subdirectories, rename
the .OBJ files to have a .SAV extension.

2.  In each of these subdirectories, apply the program fix to the
newly-renamed .SAV file, creating a new .OBJ file.  Apply the PASFXE_1.FIX
program fix directives to object files in the EDOBJ-1 and ENDOBJ-1
subdirectories, and the PASFXE_2.FIX directives to object files in the
EDOBJ-2 and ENDOBJ-2 subdirectories.

For example, assume that the PASFXE_1.FIX, PASFXE_2.FIX and ZAPOBJ.EXE
files reside on floppy drive A:.  To apply the program fix to the dedicated
ELS object files, you would execute the following commands from the
directory just above the EDOBJ-1 subdirectory:

            CD EDOBJ-1
            A:ZAPOBJ ELS2_1.SAV ELS2_1.OBJ A:PASFXE_1.FIX
            CD ..\EDOBJ-2
            A:ZAPOBJ ELS2_2.SAV ELS2_2.OBJ A:PASFXE_2.FIX

You would then apply the program fix to object files in the ENDOBJ-1 and
ENDOBJ-2 subdirectories in the same manner.  If the ZAPOBJ program
indicates that errors were encountered in applying the program fix to any
of these files, call your NetWare support provider for assistance.

3.  Using ELSGEN, regenerate new NET$OS executable file(s) as you have
always done.

4.  If the OS works satisfactorily, you may delete the .SAV files that you
renamed in Step 1.  Otherwise, call your NetWare support provider for
assistance.
ÿ