COMMAND

    zen

SYSTEMS AFFECTED

    Win NT with zen 2.5 client (netware)

PROBLEM

    Dave Cottle found the following.  Using the WINHLP32.EXE function
    for providing help in the authentication boxes allows access to
    resources without authentication through the help program's File
    menu.  The security issue is only relevant on WinNT workstations,
    and only the latest version of the NetWare client (4.30.4.10) is
    vulnerable.

    This can always be reproduced by the following method.  At the
    logon screen, or the locked workstation screen, press Ctrl-Alt-Del
    to open up the authentication box, then use either the ? in the
    top right-hand corner or press F1 to reveal the help program.
    Choose the File->Open option to reveal the Explorer common dialog
    box.  Either open a help file that contains a link to cmd.exe (e.g.
    the WinNT resource kit help files) or right-click on a folder and
    select "Open" to bring up a separate Explorer window.  Close down
    the help function.

    You will now have either a command prompt or an Explorer window
    without having to enter a usercode or password.  If the workstation
    is locked, you now have access to the current user's desktop, and
    should also be active as the SYSTEM account.  If there was no
    logged-on user, you now have interactive access as the SYSTEM
    account.

    In this way, NT client security can be bypassed without requiring
    a usercode or password.

SOLUTION

    The  Novell  Client  v4.3  for  Windows  NT  that can currently be
    downloaded from

        http://www.novell.com/download

    has been modified to prevent this from occurring.  The patch file
    NT430I1.EXE is also available from the same URL and contains the
    updated code that prevents this issue as well as solving other
    known issues with the 4.3 Client.  The Z.E.N.works boxes that are
    currently in the channel will all be rotated to incorporate the
    updates.  The best way for a customer to verify whether they have
    the Client that has this issue is to check the version of the file
    LOGINW32.DLL in the WINNT\SYSTEM32 directory and of the file
    LOGINW32.RLL in the WINNT\SYSTEM32\NLS\ENGLISH directory.  If the
    version of these files is 2.00.00 then you could see this problem.
    If the version of the files is anything later than 2.00.00, you
    have the files that eliminate the problem.  You can verify the
    version of the files by right-clicking on the files, going to
    Properties and looking at the File Version.
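
    The version check above can be scripted across many workstations
    or disk images.  The following is an added example, not part of the
    original advisory or Novell's tooling: it reads the file version by
    scanning for the VS_FIXEDFILEINFO signature (a shortcut, not a full
    PE resource parse).  The function names are hypothetical, and
    comparing only the first three version fields against 2.00.00 is an
    assumption.

```python
import struct
import sys
from pathlib import Path

# VS_FIXEDFILEINFO layout (little-endian DWORDs): dwSignature 0xFEEF04BD,
# dwStrucVersion, dwFileVersionMS, dwFileVersionLS.
SIGNATURE = struct.pack("<I", 0xFEEF04BD)
AFFECTED = (2, 0, 0)  # advisory: File Version 2.00.00 is the affected build

# Paths named in the advisory, relative to the system drive.
TARGETS = ("WINNT/SYSTEM32/LOGINW32.DLL",
           "WINNT/SYSTEM32/NLS/ENGLISH/LOGINW32.RLL")

def file_version(data: bytes):
    """Return (major, minor, build, revision) or None if no version block."""
    pos = data.find(SIGNATURE)
    if pos == -1 or pos + 16 > len(data):
        return None
    ms, ls = struct.unpack_from("<II", data, pos + 8)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

def classify(version):
    """Map a version tuple onto the advisory's wording."""
    if version is None:
        return "unknown"            # no version resource found: check by hand
    if version[:3] == AFFECTED:
        return "affected"           # 2.00.00: apply NT430I1.EXE
    if version[:3] > AFFECTED:
        return "fixed"              # later than 2.00.00
    return "older-than-advisory"    # the advisory makes no statement here

def constructed_sample(major, minor, build, rev):
    """Constructed stand-in for a DLL: padding plus a VS_FIXEDFILEINFO head."""
    return b"MZ" + b"\0" * 62 + struct.pack(
        "<IIII", 0xFEEF04BD, 0x00010000, (major << 16) | minor, (build << 16) | rev)

def check_root(root):
    """Classify both files under `root` (a system drive or a mounted copy)."""
    results = {}
    for rel in TARGETS:
        path = Path(root, rel)
        version = file_version(path.read_bytes()) if path.is_file() else None
        results[rel] = (version, classify(version))
    return results

if __name__ == "__main__":
    for rel, (ver, state) in check_root(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{rel}: version={ver} -> {state}")
```

    Run it with the system drive root (or a mounted copy of it) as the
    only argument; a result of "unknown" means the file was missing or
    carried no version resource and should be checked by hand.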