[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    [Secure-NT] [Fwd: Winnt 4.3 has been updated]
From:       secure-nt () WWA ! COM
Date:       1998-08-31 19:05:33
[Download RAW message or body]

This just in from Novell in response to the NT ZEN client bug.

Bert

--
     /^^^\      As usual, my opinions
    /~O~O~\     are my own and most likely
    \     /     not those of my company.
-oOo-------oOo-

> From TPETERSON@novell.com  Thu Jul 30 13:00:35 1998
Received: from gate2.citicorp.com (gate2.citicorp.com [163.39.250.200])
        by magnolia.citicorp.com (8.8.5/8.8.5) with SMTP id NAA24433;
        Thu, 30 Jul 1998 13:00:34 -0400 (EDT)
Received: from orm-mh.orem.novell.com (orm-mail20.orem.novell.com) by \
gate2.citicorp.com with SMTP id NAA05509  (InterLock SMTP Gateway 3.0); Thu, 30 Jul \
                1998 13:00:36 -0400
Received: from INET-ORM-Message_Server by orm-mh.orem.novell.com
        with Novell_GroupWise; Thu, 30 Jul 1998 10:58:57 -0600
Message-Id: <s5c051f1.069@orm-mh.orem.novell.com>
X-Mailer: Novell GroupWise 5.5
Date: Thu, 30 Jul 1998 10:58:49 -0600
From: "Thayne Peterson" <TPETERSON@novell.com>
Subject: Winnt 4.3 has been updated
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Apparently-To: <ramodol@pop3.citicorp.com>
Apparently-To: <janderse@pop3.citicorp.com>
Apparently-To: <hgroothe@pop3.citicorp.com>
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by magnolia.citicorp.com id \
NAA24433

Using the Novell Client v4.3 for Windows NT there is the possibility that individuals \
could access information on the local NT Workstation without having to authenticate.  \
If a user clicks on the "?" button in the Novell GUI Login, selects open from the \
file menu, then right clicks on anything in the active dialog box they can gain \
access to files on the local hard drive with system-level rights.

Novell has already released an update to correct the issue.

The Novell Client v4.3 for Windows NT that can currently be downloaded from \
www.novell.com\download has been modified to prevent this from occurring.  The patch \
file NT430I1.EXE is also available on from www.novell.com\download and contains the \
updated code that prevents this issue as well as solves other known issues with the \
4.3 Client.  The Z.E.N.works boxes that are currently in the channel will all be \
rotated to incorporate the updates.

The best way for a customer to verify if they have the Client that has this issue is \
to check the version of the files LOGINW32.DLL in the WINNT\SYSTEM32 directory, and \
the LOGINW32.RLL in the WINNT\SYSTEM32\NLS\ENGLISH.  If the version of these files is \
2.00.00 then you could see this problem.  If the version of the files is anything \
later than 2.00.00, you have the files that eliminate the problem.  You can verify \
the version of the files by right clicking on the files, going to properties and \
looking at the File Version.

The updated NT Client can be distributed rapidly and efficiently through the \
Automatic Client Upgrade (ACU) or through the Novell Application Launcher (NAL) which \
is a component of the Z.E.N.works Starter Pack and Z.E.N.works product.  The patch \
file NT430IT.EXE ships with a NAL template that can then be imported into NDS and \
associated with the desired users.  The Automatic Client Upgrade is well documented \
in the online help that ships with the Novell Clients.

Issues like this clearly demonstrate the need and value of desktop administration \
suites such as Z.E.N.works. Without Z.E.N.works, distributing updates such as this to \
workstations across an Enterprise can be very expensive.



[prev in list] [next in list] [prev in thread] [next in thread]