PASS TO SITE/FACILITY/COMMAND INFORMATION SYSTEM SECURITY OFFICER
(ISSO), SPECIAL SECURITY OFFICER (SSO), INFORMATION RESOURCE MANAGER
(IRM) AND AUTOMATED DATA PROCESSOR (ADP) COORDINATORS
SUBJECT: NOVELL NETWARE LOGIN.EXE SECURITY PATCH (AUTOMATED SYSTEM
SECURITY INCIDENT SUPPORT TEAM (ASSIST) BULLETIN 93-24).
1.  A VULNERABILITY EXISTS WITHIN NOVELL'S LOGIN.EXE V4.02 PROGRAM
WHICH CAN ALLOW COMPROMISE OF USER ACCOUNTS.  THIS VULNERABILITY
AFFECTS NETWARE 4.X ONLY, AND DOES NOT AFFECT NETWARE 2.X, 3.X, OR
NETWARE FOR UNIX.  OPERATION OF THE VULNERABLE LOGIN.EXE MAY CAUSE
THE INADVERTANT COMPROMISE OF A USER'S NAME AND PASSWORD.  FURTHER
DETAILS OF THIS VULNERABILITY ARE CONTAINED IN THE TEXT FILE INCLUDED
WITH THE PATCH.
2.  THE PATCH (LOGIN.EXE) AND TEXT FILE (SECLOG.TXT) ARE CREATED BY
EXECUTING THE DISTRIBUTION FILE SECLOG.EXE, A SELF-EXTRACTING
ARCHIVE.  AFTER EXTRACTING THE FILES, THE DIR COMMAND SHOULD PRODUCE
THE FOLLOWING OUTPUT.
SECLOG   EXE  166276    XX-XX-XX   XX:XXX
LOGIN    EXE  354859    08-25-93   11:43A
SECLOG   TXT    5299    09-02-93   11:16A
TO INSTALL THE PATCH, FOLLOW THE DIRECTIONS CONTAINED IN THE TEXT
FILE SECLOG.TXT, AND THEN INSTRUCT ALL YOUR USERS TO CHANGE THEIR
PASSWORDS.  ASSIST RECOMMENDS REPLACING THE CURRENT LOGIN.EXE WITH
THE SECURITY ENHANCED VERSION IN ALL SYSTEMS AFFECTED BY THIS
VULNERABILITY AS SOON AS POSSIBLE.
3.  THIS PATCH IS AVAILABLE VIA ANONYMOUS FTP AS SECLOG.EXE ON
IRBIS.LLNL.GOV (IP ADDRESS 128.115.19.60) IN THE ~PUB/CIAC/PCVIRUS
DIRECTORY, AND ON THE ASSIST BBS WHICH CAN BE REACHED AT 703-756-
7993/4 (DSN 289).  THE FILE CAN ALSO BE RETRIEVED VIA ANONYMOUS FTP
FROM FIRST.ORG (IP ADDRESS 129.6.54.11) IN THE ~PUB/SOFTWARE
DIRECTORY.  THE SECURITY ENHANCEMENT IS ALSO AVAILABLE AT NO CHARGE
THROUGH NETWARE RESELLERS, ON NETWIRE IN LIBRARY 14 OF THE NOVLIB
FORUM, OR BY CALLING 1-800-NETWARE.  NETWARE CUSTOMERS OUTSIDE THE
U.S. MAY CALL NOVELL AT 303-339-7027 OR 31-55-384279, OR FAX A
REQUEST FOR LOGIN.EXE V4.02 TO NOVELL AT 303-330-7655 OR
31-55-434455. INCLUDE COMPANY NAME, CONTACT NAME, MAILING ADDRESS AND
PHONE NUMBER IN THE FAX REQUEST.
4.  POINT OF CONTACT:  ASSIST POINT OF CONTACT FOR THIS MATTER IS
PETE HAMMES, COMM (703) 756-7974 OR DSN 289-7974.  ASSIST CAN BE
REACHED 24 HOURS PER DAY, COMMERCIAL PAGER (800) SKY-PAGE (800-759-
7243), PIN NUMBER 2133937.  WHEN CALLING THE PAGER SERVICE, FOLLOW
THE AUTOMATED VOICE INSTRUCTIONS AND ENTER THE CALL BACK NUMBER AFTER
THE PROMPT.  THE ASSIST DUTY OFFICER WILL CALL YOU BACK WITHIN 30
MINUTES.  IF FASTER SERVICE IS REQUIRED, PREFIX YOUR TELEPHONE NUMBER
WITH "999", AND THE ASSIST DUTY OFFICER WILL CALL BACK WITHIN 5
MINUTES.  ASSIST CAN ALSO BE REACHED VIA E-MAIL AT
ASSIST@ASSIST.IMS.DISA.MIL, BY DIALING INTO THE ASSIST ELECTRONIC
BULLETIN BOARD AT (703) 756-7993/7994, AND LEAVING A MESSAGE FOR THE
SYSOP.  NOTE: THE 703-756-7994 BBS IS FOR FILE DOWNLOADS ONLY AND NO
MESSAGES MAY BE POSTED ON THIS SYSTEM.  IF YOU NEED TO LEAVE A
MESSAGE FOR ANOTHER USER OR THE SYSOP, USE THE -7993 SYSTEM.
BT