COMMAND

    NetWare

SYSTEMS AFFECTED

    Enterprise Web Server for NetWare 4.x and 5.x

PROBLEM

    Brian Eckman posted the following. A similar problem exists in the
    Enterprise Web Server for NetWare 4.x and 5.x, just like the Netscape
    one described at:

        http://oliver.efri.hr/~crv/security/bugs/mUNIXes/nscape54.html

    When a username >310 chars is sent to the Admin Server, the Admin
    server crashes. Authentication to other password protected areas of
    the Web Server is not affected.

    With the Enterprise Server for NetWare, the admin port on the server
    will allow a username of any length when authenticating. A username
    of more than 310 characters will cause admserv.nlm to crash. The
    admin port is then not accessible again until the server is
    rebooted. An attempt to manually unload the NLM caused the server to
    lock up completely. An attempt to reload the NLM resulted in a
    message stating the NLM was already loaded. The offending process
    (admserv.nlm) does not appear to stop other services running on the
    server. The Web server continues to function normally, as does the
    LDAP authentication to other restricted areas (only tested restricted
    subdirectories within the web root). Regular directories within the
    Web site that require authentication are not vulnerable. Submitting
    a long username and/or password (somewhere over 1000 chars) will
    result in the message "Your browser sent a message this server could
    not understand." This was tested on a 4.11 box with SP7.

SOLUTION

    The Admin server can be turned off when not in use, or that port can
    be blocked with your firewall.
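    Where the admin port cannot simply be firewalled off, a filtering
    proxy in front of it can enforce the 310-character bound described
    above. The following is an added example, not code from the advisory
    or from Novell; it assumes the admin server uses HTTP Basic
    authentication, and the request paths and sample credentials are
    constructed for illustration.

```python
import base64
import binascii

# Threshold from the advisory: usernames longer than 310 characters crash admserv.nlm.
MAX_USERNAME_LEN = 310


def basic_username(authorization_header):
    """Return the username from an HTTP Basic Authorization header.

    Returns None when the header is missing, is not a Basic scheme, or does
    not decode as base64, so callers can treat those cases separately.
    """
    if not authorization_header:
        return None
    parts = authorization_header.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(parts[1], validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None
    user, _, _password = decoded.partition(":")
    return user


def should_reject(authorization_header, limit=MAX_USERNAME_LEN):
    """True when the request carries Basic credentials whose username exceeds limit."""
    user = basic_username(authorization_header)
    return user is not None and len(user) > limit


def filter_requests(requests, limit=MAX_USERNAME_LEN):
    """Classify (method, path, authorization) tuples as 'allow' or 'reject'."""
    return [(m, p, "reject" if should_reject(a, limit) else "allow") for m, p, a in requests]


def _basic(user, password):
    """Build a Basic Authorization header value for the constructed samples."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("latin-1")).decode("ascii")


# Constructed sample requests to the admin port (path is an assumption):
# a normal login, an overlong username, an anonymous request, and a malformed header.
SAMPLE_REQUESTS = [
    ("GET", "/admin-serv/", _basic("admin", "s3cret")),
    ("GET", "/admin-serv/", _basic("A" * 400, "x")),
    ("GET", "/index.html", None),
    ("GET", "/admin-serv/", "Basic not-base64!!"),
]

if __name__ == "__main__":
    for method, path, verdict in filter_requests(SAMPLE_REQUESTS):
        print(f"{verdict:6} {method} {path}")
```

    A username of exactly 310 characters is allowed and 311 is rejected,
    matching the ">310" boundary reported above.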