Potential Security Vulnerability with Apache on NetWare 6.5 after installing OES2 Linux Server

This document (7001907) is provided subject to the disclaimer at the end of this document.

Environment

Novell Apache on NetWare 2.0.48
Novell NetWare 6.5 Support Pack 7
Novell NetWare 6.5 Support Pack 6
Novell NetWare 6.5 Support Pack 5

Situation

After installing an OES2 Linux server into a tree that is already running on NetWare 6.5, it is possible to access the ApacheAdmin console on NetWare without using a password.

NOTE: Generally this problem is only seen when the NetWare server has been upgraded from an earlier version of NetWare 6.5 (i.e. Support Pack 2, Support Pack 3, etc.) to Support Pack 7.

Resolution

The fix to this issue is to apply support pack 8 to the server.

Document

Document ID:	7001907
Creation Date:	11-17-2008
Modified Date:	12-24-2008
Novell Product:	Apache
Novell Product:	NetWare

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.