SOFTPAQ NUMBER : SP14488
PART NUMBER: N/A
FILE NAME: UPDTHMMO.BAT
TITLE:   Compaq Management Agents Security Overflow Patch
VERSION: 2.0
LANGUAGE: English

CATEGORY: Software Solutions

DIVISIONS: Systems

PRODUCTS AFFECTED: Compaq Management Agents for NetWare

OPERATING SYSTEM: Novell NetWare 3.2x, NetWare 4.x, and NetWare 5.x.

SYSTEM CONFIGURATION:  N/A

PREREQUISITES:  N/A

EFFECTIVE DATE: January 10, 2001

ELECTRONIC DISTRIBUTION ALLOWED:  Yes

SOFTPAQ UTILITY VERSION:  2.x

SUPERSEDES:  N/A

DESCRIPTION: This SoftPaq allows updating a file needed to fix a potential security issue
in the web-enabled portion of the Compaq Management Agents for Novell NetWare. Basically, 
there is a buffer overflow problem when a large value HTTP request is passed in the Compaq 
Management Agents. It could result in a modification of the host server's stack. Depending 
on how the stack was modified, the server could potentially abend. This affects the web 
component of the affected products for the following versions:

  Compaq Management Agents version 4.23b to 4.90

HOW TO USE:

Have all the associated files in a single directory on your hard drive and 
perform the following steps:
   
  1. Use a Web Browser pointing to a server running the web enabled agents to
     identify your CPQHMMO.NLM version.  If CPQHMMO.NLM is 2.2 or greater
     then NO UPDATE IS NEEDED.

  2. Land the SoftPAQ onto a temporary subdirectory on a client and map a drive to
     the root of the SYS: volume of the target NetWare server (you must have
     supervisor rights).  Run the UPDTHMMO.BAT batch file passing the drive
     letter of the target server. For example: UPDTHMMO M:. This will back up the 
     current CPQHMMO.NLM as *.BK$ file and copy the 2.2 CPQHMMO.NLM onto the server.
  
  3. At a convenient time DOWN and RESTART your server.
     If you don't want to reboot the server, the following steps will need to be done:
      1). Type "unload cpqwebag".
      2). Type "modules cpqhmmo". If the cpqhmmo.nlm is not loaded, then you only need 
          to do step 4), skip 3) and 5). Otherwise, follow through the step 3), 4), and 5).
      3). Type "unload survey".
      4). Type "cpqsnmp" to load the WEBAGENT.NLM with the new CPQHMMO.NLM.
      5). Find the "load survey ..." line in your sys:/system/autoexec.ncf. Then go
          back to server console screen and type the exactly "load survey ..." with
          the -flags as in autoexec.ncf to load the Compaq Survey Utility.
      
  4. Use a Web Browser to verify functionality of new web agent update. 
  

HOW TO RESTORE YOUR ORIGINAL CONFIGURATION:

To restore the original version of the patched file, perform the following step:
  1. Run the RESTHMMO.BAT (passing the drive letter of the target server)
     to restore the configuration to its original state.


Copyright 2001, Compaq Computer Corporation.  All rights reserved.

Product names mentioned herein may be trademarks and/or registered
trademarks of their respective companies