Novell NetWare OpenSSH Stack Overflow Vulnerability

Released on: 2010-08-31
Updated on: 2010-09-01

Affected Systems:
Novell Netware 6.5
Description:
--------------------------------------------------------------------------------
Bugtraq id: 42875

Novell Netware is a commercial network operating system.

The SSHD. NLM module of NetWare and Its SFTP-SVR.NLM submodule have Stack Overflow Vulnerability. In an SFTP or SCP session, if the file path specified by the authenticated user attempts causes an ultra-long absolute path exceeding 512 characters, it will overflow the allocated memory buffer and destroy the stack of the SFTP or SCP session. This usually leads to ABEND, because it will damage the code pointer on the process stack and point to an invalid or unexpected memory address. Under normal circumstances, only SFTP or SCP sessions with a specified ultra-long path are affected. However, if this happens repeatedly, other processes can be affected by exhausting resources and executing other code in the memory.

<* Source: Francis Provencher

Link: http://secunia.com/advisories/41180/
Http://www.novell.com/support/viewContent.do? ExternalId = 7006756.
Http://marc.info /? L = bugtraq & m = 128344014814933 & w = 2
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

Http://www.exploit-db.com/exploits/14866/

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

Novell
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://support.novell.com/security-alerts