Object dddddddddddddddddddd will not delete

  • 3574754
  • 09-Aug-2006
  • 26-Apr-2012

Environment

Novell NetWare 6.5 Support Pack 2
Novell NetWare 6.5 Support Pack 3
Novell NetWare 6.0
Novell NetWare 5.1

Situation

Object dddddddddddddddddddd shows up for no reason and after object is deleted, it comes back.
A vulnerability has been reported in NetWare, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in CIFS.NLM when handling password lengths and can be exploited to crash the service.

The vulnerability has been reported in NetWare 5.1, 6.0, 6.5 SP2 and 6.5 SP3.

NOTE: The "worm_rbot.ccc" worm, which exploits a Windows vulnerability, may reportedly trigger this vulnerability.

Resolution

1) All Novell servers will have to unload the CIFS module or be upgradedto the latest CIFS module. New CIFS modules do not have thevulnerability.

2) On all servers with replicas, stop DS synchronization:

set dstrace=!d

set dstrace=!s0 (The last character is a zero)
3) Go to each server with a replica and load DSBROWSE -A | TREE BROWSE to the object, hit F3 and delete selectedobject.

4) Re-enable DS synchronization:

set dstrace=!e

set dstrace=!s1

5) Run DSREPAIR | ADVANCED OPTIONS MENU | REPAIR LOCAL DS DATABASE | F10 on those boxes to clear any 601 errors.

6) Find the infected workstation and clean it up.