[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

For Immediate Disclosure

============================== Summary ==============================

 Security Alert: NOVL-2002-2963767
          Title: Remote Manager Security Issue - eDir 8.6.2
           Date: 22-Oct-2002
       Revision: Original
   Product Name: Novell eDirectory 8.6.2
 OS/Platform(s): Netware 5.x, 6.x, Windows NT 4, 2000
  Reference URL: http://support.novell.com/servlet/tidfinder/2963767
    Vendor Name: Novell, Inc. 
     Vendor URL: http://www.novell.com
Security Alerts: http://support.novell.com/security-alerts 
        Affects: Various eDirectory files
    Identifiers: See Also NOVL-2002-2963827
        Credits: None

============================ Description ============================

Inappropriate permissions may be granted to users logging into  
expired-password accounts from Remote Manager.

============================== Impact ===============================

Inappropriate permissions may be granted to users logging into  
expired-password accounts from Remote Manager.

======================== Recommended Actions ========================

See detailed instructions in the referenced Technical Information 
Document (TID) http://support.novell.com/servlet/tidfinder/2963767.

This patch contains Novell eDirectory 8.6.2 Support Pack 2a for 
Netware and NT\2000 platforms. It should only be applied to servers 
currently running Novell eDirectory 8.6.2.

*************************
NOTE: DO NOT INSTALL THIS UPDATE TO NETWARE 4.X !!!
DO NOT INSTALL ON DS 6.X, 7.X, 8.X, 8.5.x OR 8.7.x!!!

ONLY INSTALL ON 8.6.2!!!
*************************


============================ DISCLAIMER =============================

The content of this document is believed to be accurate at the time 
of publishing based on currently available information. However, the 
information is provided "AS IS" without any warranty or 
representation. Your use of the document constitutes acceptance of 
this disclaimer. Novell disclaims all warranties, express or implied,
regarding this document, including the warranties of merchantability 
and fitness for a particular purpose. Novell is not liable for any 
direct, indirect, or consequential loss or damage arising from use 
of, or reliance on, this document or any security alert, even if 
Novell has been advised of the possibility of such damages and even 
if such damages are foreseeable.

============================ Appendices =============================

None

================ Contacting Novell Security Alerts ==================

To report suspected security vulnerabilities in Novell products, send
email to
            secure@xxxxxxxxxx

or use the web form at our website

            http://support.novell.com/security-alerts

PGP users may send signed/encrypted information to us using our PGP 
key, available from the pgpkeys.mit.edu server, or our website.

Users wishing to be notified when Novell Security Alerts are issued 
may register their email address at

            http://www.novell.com/info/list/ 

Security Alerts, Novell, Inc. PGP Key Fingerprint:

F5AE 9265 0A34 F84E 580E  9B87 3AC1 1974 DE05 0FDB

========================= Revision History ==========================
       Original: 22-Oct-2002 - Original Publication

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBPc/qYzrBGXTeBQ/bEQImDQCgnxpVLaJs9inF7Hr5GEf5w1RbUpoAn1EW
DF2PSP4BSIZeeZqVSPYgDn/w
=aA/G
-----END PGP SIGNATURE-----