[ISN] Firm warns of NetWare security hole

From: InfoSec News (isnat_private)
Date: Fri Apr 05 2002 - 00:35:18 PST

  • Next message: InfoSec News: "[ISN] Four arrested in plan to expose lax security at Camp Pendleton"

    By Deni Connor
    Network World Fusion, 04/04/02
    IT managers of NetWare 5.1 and NetWare 6 networks need to be aware of
    a vulnerability in the operating system that makes it subject to
    intrusions that could cause the system to crash.
    IXSecurity.com, an IT security firm, reported Thursday that NetWare
    5.1 and 6 are vulnerable to a buffer overflow condition that could
    affect server operation.
    Both operating systems can be attacked through the NetWare 6 Remote
    Manager utility, also called the Portal NLM (NetWare Loadable Module),
    a Web-based server management interface.
    With scripts or just the correct combination of keystrokes, intruders
    could cause servers to crash or abend (Abnormal End), or they could
    execute code on the server.
    IXSecurity claims it notified Novell last month about the problem and
    Novell failed to respond. IXSecurity suggests that users disable the
    NetWare Remote Manager NLM called HTTPSTK.NLM until Novell issues a
    The vulnerability occurs when an intruder enters a username or
    password that is too long when prompted by the NetWare Remote Manager
    Novell indicates it will have a patch for this vulnerability as soon
    as Friday. The patch, which should be applied to all NetWare 5.1 and 6
    servers, can be downloaded from the technical patch site, located at
    http://support.novell.com/misc/patlst.htm. The patch will also be
    added into the next Novell support pack.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Apr 05 2002 - 03:34:55 PST