eDirectory 8.7.3 SP9 FTF3 Hotfix1 for All Platforms
This document (5007381) is provided subject to the disclaimer at the end of this document.
technical support
This Field Test File is supported by Novell Technical Services.
abstract
Abstract: This patch resolves three security vulnerabilities found since eDirectory 8.7.3 Support Pack 3 FTF3 was released and will be superseded by the next available eDirectory Support Pack. The following platforms are covered by this hotfix: NetWare, Windows, Linux, AIX, HP-UX and Solaris. Main module versions contained in this patch: NLDAP: 10555.95, HTTPSTK: 10554.31, HCONSERV: 10554.31 (NetWare only requires the new NLDAP.NLM).
details
Overview:
This hotfix resolved the following security vulnerabilities:
- A large LDAP extended request message can cause a stack overflow.
(TID 3382120) (Bug 306096) (ZDI-CAN-217)
- Resolves a cross-site scripting vulnerability in the httpstk stack.
(TID 3460217) (Bug 290811) (CVE-2008-0925)
- HTTP headers would put dhost into high utilization on Windows.
(TID 3829452) (Bug 290819) (CVE-2008-0927)
System Requirements:
In order to install this hotfix the server must have the following versions already installed:
NetWare, Windows, Linux and Solaris:
eDirectory 8.7.3 Support Pack 9 plus eDirectory 8.7.3 Support Pack 9 FTF3
AIX and HP-UX:
eDirectory 8.7.3 Support Pack 9
eDirectory 8.7.3 SP9
Linux\Unix: http://download.novell.com/Download?buildid=C6yhvx98PNk~
NetWare\Win32: http://download.novell.com/Download?buildid=WTZy39eYKaE~
eDirectory 8.7.3 SP9 FTF3
Linux\Unix: http://download.novell.com/Download?buildid=oR3nIJefhkI~
NetWare\Win32: http://download.novell.com/Download?buildid=iLjgKhcew9c~
======================================================================================================
NETWARE INSTALLATION GUIDE:
Below are the files for NetWare contained in this release as well as the locations where they should be placed. The directory structure reflects their destination.
Pre-Installation checklist:
1. Run a health check on the tree to make sure there are no current problems with this or any other server in the tree.
2. Make a backup of the server's eDirectory dib. Among other methods this can be done by typing " dsrepair -rc " at the server console.
3. The server MUST be running the previously stated eDirectory versions.
Installation:
1. Back up the existing files.
2. Copy the new modules to the indicated directory. Note that the files are in their named directory within the patch.
3. Perform a " UNLOAD NLDAP " followed by a " LOAD NLDAP " at the server console.
SYS:\SYSTEM\NLDAP.NLM
SYS:\SYSTEM\NLS\4\NLDAP.MSG
======================================================================================================
LINUX AND UNIX INSTALLATION GUIDE:
Server Requirements:
The server MUST be running the previously stated eDirectory versions.
Installation:
1. Log in as user with root privileges on the host.
2. Stop NDSD.
Linux: /etc/init.d/ndsd stop
Solaris:/etc/init.d/ndsd stop
HP-UX: /sbin/init.d/ndsd stop
AIX: /etc/ndsd stop
3. The following modules will need to be renamed:
libnldap.so.1.0.0
libhconserv.so.1.0.0
libhttpstk.so.1.0.0
For HP-UX the modules are:
libnldap.sl.1.0
libhconserv.sl.1.0
libhttpstk.sl.1.0
For example, on Linux:
mv /usr/lib/nds-modules/libnldap.so.1.0.0 /usr/lib/nds-modules/libnldap.so.1.0.0-sp9ftf3
mv /usr/lib/nds-modules/libhttpstk.so.1.0.0 /usr/lib/nds-modules/libhttpstk.so.1.0.0-sp9ftf3
mv /usr/lib/nds-modules/libhconserv.so.1.0.0 /usr/lib/nds-modules/libhconserv.so.1.0.0-sp9ftf3
4. Copy the modules from this Hotfix.
For example: cp * /usr/lib/nds-modules
5. Ensure the permissions are correct.
For example: chmod u+x /usr/lib/nds-modules/*
6. Start NDSD.
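Steps 3 to 5 as an added shell example (not part of the original readme or Novell's tooling): it checks each hotfix module against an md5sum-format manifest before renaming anything, then re-checks the installed copies. The function names, the flat source directory and the manifest file are assumptions; ndsd must already be stopped.

```shell
#!/bin/sh
# Added example (not Novell's code): verify, then install, hotfix modules.
# Covers steps 3-5; assumes ndsd is already stopped and md5sum(1) exists.

md5_of() { md5sum "$1" | cut -d' ' -f1; }

# verify_modules DIR MANIFEST
# MANIFEST is md5sum output ("<md5>  <path>"); each path is resolved by its
# base name inside DIR. Non-zero return on any missing or mismatched file.
verify_modules() {
    vdir=$1; rc=0
    while read -r want path; do
        [ -n "$want" ] || continue
        name=${path##*/}
        if [ ! -f "$vdir/$name" ]; then
            echo "MISSING  $name" >&2; rc=1
        elif [ "$(md5_of "$vdir/$name")" != "$want" ]; then
            echo "MISMATCH $name" >&2; rc=1
        fi
    done < "$2"
    return $rc
}

# install_modules SRC_DIR MANIFEST DEST_DIR SUFFIX
install_modules() {
    src=$1; manifest=$2; dest=$3; suffix=$4
    # Touch nothing in DEST_DIR unless every hotfix file matches the manifest.
    verify_modules "$src" "$manifest" || return 1
    while read -r want path; do
        [ -n "$want" ] || continue
        name=${path##*/}
        if [ -f "$dest/$name" ]; then
            # Step 3: rename the current module; keep any earlier backup intact.
            if [ -e "$dest/$name-$suffix" ]; then
                echo "backup already exists: $name-$suffix" >&2; return 1
            fi
            mv "$dest/$name" "$dest/$name-$suffix" || return 1
        fi
        cp "$src/$name" "$dest/$name" || return 1   # step 4
        chmod u+x "$dest/$name" || return 1         # step 5
    done < "$manifest"
    # Confirm the installed copies are the files the manifest describes.
    verify_modules "$dest" "$manifest"
}
```

A failed check leaves the existing modules in place, so ndsd can be restarted on the old files while the download is re-fetched.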
======================================================================================================
WIN32 INSTALLATION GUIDE:
Below are the files for the Windows platform contained in this release as well as the locations where they should be placed. The directory structure reflects their destination.
The server MUST be running the previously stated eDirectory versions.
Installation:
1. Back up the existing files and ensure the eDirectory service has not been restarted.
Go to the NDS Console and select SHUTDOWN if the service is currently running. Otherwise it will be greyed out.
To ensure eDirectory services are not running look to see if DHOST is still running in Task Manager.
2. Copy the new modules to the indicated directories.
3. Restart the eDirectory service by selecting STARTUP in the NDS Console and verifying DS.DLM is running.
C:\NOVELL\NDS\HCONSERV.DLM
C:\NOVELL\NDS\HTTPSTK.DLM
C:\NOVELL\NDS\NLDAP.DLM
MD5SUM File
security fixes
ZDI-CAN-217
CVE-2008-0925
CVE-2008-0927
file contents
| Files Included | Size | Date |
|---|---|---|
| edir8739ftf_3-hf_1.zip | 2.9 MB (3122097) | 2008-04-30 09:03:23 |
| readme_5007381.html | N/A | 2008-05-14 17:56:05 |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.
Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.
© 2007 Novell, Inc. All Rights Reserved.