Potential Security Vulnerability with Apache on NetWare 6.5 after installing OES2 Linux Server

  • 7001907
  • 17-Nov-2008
  • 26-Apr-2012

Environment

Novell Apache on NetWare 2.0.48
Novell NetWare 6.5 Support Pack 7
Novell NetWare 6.5 Support Pack 6
Novell NetWare 6.5 Support Pack 5

Situation

After installing an OES2 Linux server into a tree that is already running on NetWare 6.5, it is possible to access the ApacheAdmin console on NetWare without using a password.

NOTE:  Generally this problem is only seen when the NetWare server has been upgraded from an earlier version of NetWare 6.5 (i.e. Support Pack 2, Support Pack 3, etc.) to Support Pack 7. 

Resolution

The fix to this issue is to apply support pack 8 to the server.