Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

GSNW error message 1

Status
Not open for further replies.
cbarrol

cbarrol

IS-IT--Management
Sep 4, 2001
105
US
Hello,

I had a wierd message box pop up on the 2000 server this morning (and I cant get rid of it). The header of the message box reads "Gateway Service for Netware" and the message reads:
"Message from server"
O O

I found two relative MS hotfixes, installed them & rebooted the server:

The message box comes back upon reboot.
We DO use GSNW on that machine.

Has anyone ever seen this, or can anyone offer any suggestions?
Thank You,
Craig Barroll
 
Sort by date Sort by votes
I assume youve uninstalled and reinstalled/reconfigured GSNW attemtping to fix this?

What version of Netware on the other end?

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Sr. Infrastructure Management Analyst
Distributed Systems Engineering
ACS, Inc.
 
Upvote 0 Downvote
Brandon,

Thanks for the quick response.
Negative on the reinstall/reconfig of GSNW. Netware V.6 on the other end. BTW, the message almost resembles a "net send" message with jibberish (the two characters that look like OO) The info I found online with one of the hot-fixes referred to:

"A remote attacker can exploit this vulnerability by sending a malformed message to the Client Service. This message would likely contain excessive data that is sufficient to overflow a finite sized buffer and corrupt process memory. A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This issue could also be exploited by local attackers to gain elevated privileges."

I thought the hot-fix would solve the problem but it did not.
 
Upvote 0 Downvote
my initial thought when i read this post was cycle the server and workstation service (shut the system down for about 10 minutes is easiest..ensure all packets that may have been incoming from a malicious person time out), uninstall GSNW completely, reapply the hotfix (assuming it allows install without GSNW installed), then reinstall/reconfigure GSNW....the cycling of services or the shutdown being a safety precaution :) if it were me personally i would do it just to see if it resolves anything, at least

If someone did exploit this system, it will be best to reset major passwords on the Novell and Windows side (administrator, and admins resetting theirs, just in case)..

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Sr. Infrastructure Management Analyst
Distributed Systems Engineering
ACS, Inc.
 
Upvote 0 Downvote
Brandon,

The popup went away last evening almost as mysteriously as it appeared, about 3 hours AFTEr I applied the hot-fixes and rebooted, and has not reappeared since. We did do a netstat -an and did not see any evidence of an external connection. Thanks for the feedback.
 
Upvote 0 Downvote
that is very interesting

glad to hear your good now :)

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+
Sr. Infrastructure Management Analyst
Distributed Systems Engineering
ACS, Inc.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony & QS
Replies
0
Views
169
DeepuM
DeepuM
johan_1212
  • Locked
  • Question
AVG Antivirus Error
Replies
0
Views
61
johan_1212
johan_1212
KnowItAllmost
  • Locked
  • Question
IIS 8.5 Throws Server Error 500.19 and error code: 0x80070021 SOLVED
Replies
0
Views
131
KnowItAllmost
KnowItAllmost
brunei2730
  • Locked
  • Question
SMTP error on fax confirmation
Replies
3
Views
126
DrB0b
DrB0b
djieon
  • Locked
  • Question
Scheduled Task - Object 91 Error
Replies
0
Views
82
djieon
djieon

Part and Inventory Search

Sponsor

Back
Top