PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER
(ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER
(IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS
SUBJECT: SECURITY ENHANCEMENT PACKAGE FOR NOVELL NETWARE (AUTOMATED
SYSTEM SECURITY INCIDENT SUPPORT TEAM (ASSIST) BULLETIN 93-14).
1.  NOVELL HAS ISSUED A SECURITY ENHANCEMENT PACKAGE TO CORRECT A
SECURITY PROBLEM IN THE NETWARE OPERATING SYSTEM.  THE ENHANCEMENT
PACKAGE CONSISTS OF NETWARE LOADABLE MODULES, NEW SHELLS, AND VARIOUS
UTILITIES.  A SECURITY.DOC FILE IS INCLUDED THAT DEFINES THE
CAPABILITIES OF THE PACKAGE, CONFIGURATION OPTIONS, INSTALLATION OF
THE SERVER AND CLIENT PORTIONS, AND PROVIDES OTHER RELEVENT
INFORMATION.  THE ENHANCMENT PACKAGE IS AVAILABLE ON NETWIRE AND
NETWARE EXPRESS (MINIMUM SERVICE CONNECTION CHARGES APPLY ON NETWIRE
AND NETWARE EXPRESS), BY CALLING (800) NET-WARE.  THE PACKAGE CAN
ALSO BE DOWNLOADED VIA MODEM FROM THE ASSIST ELECTRONIC BULLETIN
BOARD SYSTEM (BBS) WHICH CAN BE REACHED AT (703) 696-8726, DSN 226. 
THE FILES ARE LOCATED IN THE 'SECURITY TOOLS' FILE SECTION OF THE
ASSIST BBS.  ASSIST STRONGLY RECOMMENDS THAT ALL DOD SITES USING
NETWARE OBTAIN AND INSTALL THE ENHANCEMENT ASAP.
2.  THE NOVELL NETWARE SECURITY ENHANCEMENT PACKAGE CONTAINS THE
FOLLOWING SELF EXTRACTING ZIP FILES:
SECSYS.EXE
SECDOS.EXE
SECOS2.EXE
SECUT1.EXE
SECUT2.EXE
SECUT3.EXE
SECPRN.EXE
THE SET OF UTILITIES IN SECUT3.EXE ARE NOT SPECIFICALLY REQUIRED FOR
THE SECURITY ENHANCEMENT, BUT CONTAIN VARIOUS FIXES AND UPDATES FOR
NETWARE.  BEFORE INSTALLING THE ENHANCEMENT, READ THE SECURITY.DOC
FILE (NTWARSEC.DOC ON ASSIST BBS) FOR PROGRAM SPECIFICS.  SYSTEM
ADMINISTRATORS WHO NEED ADDITIONAL SUPPORT AND SERVICE SHOULD CONTACT
THEIR LOCAL NOVELL REPRESENTATIVE, (800) NET-WARE, OR ASSIST.
3.  THE PACKAGE IMPLEMENTS A NETWARE CORE PROTOCOL (NCP) PACKET
SIGNATURE CAPABILITY THAT PROTECTS SERVERS AND CLIENTS USING NCP BY
PREVENTING PACKET FORGERY.  WITHOUT NCP PACKET SIGNATURES, IT IS
POSSIBLE FOR A NETWORK CLIENT TO POSE AS A MORE PRIVILEGED CLIENT AND
SEND A FORGED NCP REQUEST TO A NETWARE SERVER.  BY FORGING THE PROPER
NCP REQUEST PACKET, AN UNAUTHORIZED USER COULD GAIN SUPERVISOR RIGHTS
AND ACCESS TO ALL NETWORK RESOURCES.  NCP PACKET SIGNATURE PREVENTS
FORGERY BY REQUIRING THE SERVER AND CLIENT TO 'SIGN' EACH NCP PACKET,
AND THE SIGNATURE CHANGES WITH EVERY PACKET.  NCP PACKETS WITH
INCORRECT SIGNATURES ARE DISCARDED WITHOUT BREAKING THE CLIENTS
CONNECTION WITH THE SERVER.  AN ALERT MESSAGE ABOUT THE INVALID
PACKET IS THEN SENT TO THE ERROR LOG, THE AFFECTED CLIENT, AND THE
CONSOLE.
4.  POINT OF CONTACT:  ASSIST POINT OF CONTACT FOR THIS MATTER IS
PETE HAMMES, COMM (703) 696-1924/5/6 OR DSN 226-1924/5/6.  ASSIST CAN
BE REACHED 24 HOURS PER DAY, COMMERCIAL PAGER (800) SKY-PAGE (800-
759-7243), PIN NUMBER 2133937.  WHEN CALLING THE PAGER SERVICE,
FOLLOW THE AUTOMATED VOICE INSTRUCTIONS AND ENTER THE CALL BACK
NUMBER AFTER THE PROMPT.  THE ASSIST DUTY OFFICER WILL CALL YOU BACK
WITHIN 30 MINUTES.  IF FASTER SERVICE IS REQUIRED, PREFIX YOUR
TELEPHONE NUMBER WITH "999", AND THE ASSIST DUTY OFFICER WILL CALL
BACK WITHIN 5 MINUTES.  ASSIST CAN ALSO BE REACHED VIA E-MAIL AT
"DOD-CERT(AT-SIGN)DDN-CONUS.DDN.MIL", BY DIALING INTO THE ASSIST
ELECTRONIC BULLETIN BOARD AT (703) 696-8729, DSN 226, AND LEAVING A
MESSAGE FOR THE SYSOP, OR BY LEAVING A VOICE MAIL MESSAGE AT (703)
696-1904 (SELECT '9' FOR THE 'ASSIST TEAM').
BT