TID-2965109 FTPSERV.NLM Abend and Security fixes ( 23JUN2005)

Technical Information Document

FTPSERV.NLM Abend and Security fixes - TID2965109 (last modified 23JUN2005)

2965109 2965109

associated file

Click filename to download:
ftpservl.exe; 156855 bytes; Date/Time: 06-23-2005/11:04AM

abstract

FTPSERV.NLM v10.31 in this download supersedes FTPSERV.NLM in NetWare 4 Support Pack 9, NetWare 5.0 Support Pack 6, and FTPSERVK.EXE. It was only officially tested on NetWare 4.2, because NetWare 4.11 and 5.0 were discontinued at the time this patch was made. Use of this file requires UNIX Print Services 2.3x (2.31 comes with NW 4.2), NFS Services 2.3, or NFS Services 2.4.

This download was rebuilt on June 23, 2005, to change the status from beta to full release. Only this readme was altered.

installation

(1) Rename SYS:SYSTEM\FTPSERV.NLM to FTPSERV.OLD (or any name preferred).
(2) Rename SYS:SYSTEM\NLS\4\FTPSERV.MSG to FTPSERV.OLD (or any name preferred).
(If either of the above rename commands fail, it may be necessary to flag the files Read-Write.)
(3) Copy the new FTPSERV.NLM to SYS:SYSTEM and the new FTPSERV.MSG to SYS:SYSTEM\NLS\4.
(4) If the FTP service was already running, and assuming no FTP sessions are active, go to the server console and UNLOAD FTPSERV.NLM. The new FTPSERV.NLM will automatically load again upon the next attempted FTP connection.
(5) If FTP service was not already running, it can be started with the following steps:
a. Run UNISTART.NCF to launch the UNIX Print Services or NFS product.
b. Load UNICON. Login as admin.
c. Select "Stop/Start Services".
d. If FTP Server is not already on the list, press <insert>, highlight FTP Server, and press <enter>.

issue

FTPSERV.NLM v 10.31 includes the same security fixes from v10.30, plus the addition of a abend fix:

- FTPSERV.NLM could experience a Page Fault abend when certain FTP clients attempt to abort a FTP operation. Windows DOS-based clients send an unexpected NULL (00h) value as part of their ABORT (ABOR) sequence. FTPSERV was not able to handle this. The pointer to the command in memory would become invalid, which sometimes would result in a Page Fault. FTPSERV.NLM has been modified to remove the NULL value before processing the command.

Other fixes, previously included in FTPSERV.NLM v10.30:

-Two security weaknesses for anonymous user access have been eliminated. For the protection of systems that may not yet be patched, these security problems will not be discussed in detail. These weaknesses could allow the anonymous user to access areas outside the anonymous home directory structure, in certain very specific circumstances.

-Fixed a problem which had been previously introduced in FTPSERV 10.19, whereby FTPSERV.NLM could stop functioning. The most common trigger for this failure was a user who attempted to GET a non-existant (or misspelled) file. After that, other FTP connections would fail and the following error would appear on the system console:
CLib-4.11-005: Unable to open standard consoles new thread group. There may not be enough server memory, or server memory may be corrupted.

-Removed a previous fix involving the ability to rename files when the FTP session is using LONG namespace. The previous fix enabled the rename ability in LONG name space. However, the new filename did not take effect in any of the other name spaces (DOS, MAC, NFS). That fix was removed. To rename with FTPSERV.NLM, you must use DOS or NFS name space.

Sidenote: FTPSERV.NLM originally only supported DOS and NFS name space. Support for LONG name space was added as an enhancement in FTPSERV.NLM 9.x, but numerous issues such as the renaming problem above were discovered. To completely fix the issues with FTPSERV.NLM and LONG namespace, FTP had to be redesigned. The fully redesigned FTP Server is part of NetWare 5.1 and NetWare 6.0.

Simply as reference, below are some noteworthy prior fixes (which already existed in the last NW 4 and NW 5.0 support packs):

-GET or PUT commands which make use of a full, remote server path might fail. (i.e. PUT //SERVER2/VOL1/DIR1 ). These failure only occurred in FTP sessions defaulting to LONG namespace, and sometimes only between certain NetWare OS version combinations. These failures have been corrected.

-When using LONG name space, the FTP Server would not list files containing 3 or more dots in their names. FTPSERV.NLM will now display files with up to 9 dots in their names.

-During an ASCII type PUT operation, FTPSERV.NLM would strip out any bytes of hex 1A. This has been corrected.

-Various abend fixes were made, including a common abend in FTPSERV.NLM, code offset 10523h.

contents

Self-Extracting File Name:  ftpservl.exe

Files Included       Size   Date         Time    Version   Checksum

\
   FTPSERV.MSG      17121   03-06-2003   06:52PM
   FTPSERV.NLM     152591   03-06-2003   06:53PM
  FTPSERVL.TXT       5731   06-23-2005   11:04AM

Document Title:	FTPSERV.NLM Abend and Security fixes
Document ID:	2965109
Creation Date:	07MAR2003
Modified Date:	23JUN2005
Document Revision:	3
Novell Product Class:	Connectivity Products
Novell Product and Version:	UNIX Connectivity

Disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.