Release date:
Updated on:
Affected Systems:
Novell Netware
Description:
--------------------------------------------------------------------------------
Novell Netware is a commercial network operating system.
Novell Netware in xnfs. the nlm component has a remote code execution vulnerability in the implementation of nfs rpc requests. When the process monitors the xdr encoded file name in the NFS_RENAME program request on UDP port 2049, the process uses the length provided by the user as the size of the static buffer. Remote attackers can exploit this vulnerability to execute arbitrary code.
<* Source: Francis Provencher
Link: http://www.zerodayinitiative.com/advisories/ZDI-12-006/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Novell
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.novell.com/security-alerts