Release date:
Updated on:
Affected Systems:
Novell Netware
Description:
--------------------------------------------------------------------------------
Novell Netware is a commercial network operating system.
Novell Netware in xnfs. the nlm component has a remote code execution vulnerability in implementing nfs rpc requests. This process monitors UDP and TCP port 32778. When decoding xdr decoded data in stat_policy program requests, the process uses the length provided by the user as the size of the static buffer. Remote attackers can exploit this vulnerability to execute arbitrary code.
<* Source: Francis Provencher
Link: http://packetstormsecurity.org/files/108401/ZDI-12-007.txt
Http://www.zerodayinitiative.com/advisories/ZDI-12-007/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Novell
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.novell.com/security-alerts