cqure.net.20020412.netware_client.a

From: Patrik Karlsson (patrik.karlssonat_private)
Date: Wed May 08 2002 - 03:02:01 PDT

    cqure.net Security Vulnerability Report
    No: cqure.net.20020412.netware_client.a
    ========================================
    
    Vulnerability Summary
    ---------------------
    Problem:           Multiple buffer overflow conditions exist in the
                       Novell Netware client for Windows.
    
    Threat:            An attacker could crash any software relying on
                       name resolution, like ping, traceroute, rexec
                       and rsh.
    
    Affected Software: Novell Netware Client 4.83.
    
    Platform:          Windows 2000/XP verified.
    
    Vulnerability Description
    -------------------------
    Running the ping command with a long hostname causes an access
    violation. Depending on the length of the hostname, the program
    crashes in different locations. This might be interesting
    in a WTS or Citrix environment. We have looked very briefly at the
    problem and therefore can't comment on the impact of this issue.
    
    Solution
    --------
    Install the patch from Novell as soon as it becomes available.
    
    Additional Information
    ----------------------
    Novell was contacted 20020412.
    
    This vulnerability was found and researched by
    Patrik Karlsson & Jonas Ländin
    patrik.karlssonat_private
    jonas.landinat_private
    
    This document is also available at: http://www.cqure.net/advisories/
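
The advisory does not show the faulting code, so the following is an added, generic illustration (not Novell's code and not part of the original report) of the check that keeps an over-long hostname away from fixed-size resolver buffers: validate against the RFC 1035 limits and reject rather than truncate. The function names `hostname_is_valid` and `copy_hostname` and the buffer sizes are assumptions made for the example.

```c
/* Added illustration, not Novell's code: validate a hostname before resolving. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN  253 /* text form of the 255-octet RFC 1035 name limit */
#define MAX_LABEL_LEN 63  /* RFC 1035 per-label limit */

/* Returns 1 if name is a well-formed hostname within the limits, else 0. */
int hostname_is_valid(const char *name)
{
    size_t i, label_len = 0;
    if (name == NULL || name[0] == '\0')
        return 0;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        if (i >= MAX_NAME_LEN)
            return 0;             /* too long overall: reject, never truncate */
        if (c == '.') {
            if (label_len == 0 || name[i - 1] == '-')
                return 0;         /* empty label, or label ending in '-' */
            label_len = 0;
        } else if ((!isalnum(c) && c != '-') || (c == '-' && label_len == 0)
                   || ++label_len > MAX_LABEL_LEN) {
            return 0;             /* bad character, leading '-', or long label */
        }
    }
    return name[i - 1] != '-';    /* a single trailing dot is accepted */
}

/* Copies name into dst only if it is valid and fits with its terminator. */
int copy_hostname(char *dst, size_t dst_size, const char *name)
{
    if (dst == NULL || !hostname_is_valid(name) || strlen(name) >= dst_size)
        return -1;
    memcpy(dst, name, strlen(name) + 1);
    return 0;
}

int main(void)
{
    char buf[64], longname[301];
    memset(longname, 'a', 300);   /* constructed 300-character hostname */
    longname[300] = '\0';
    printf("long name: %d\n", copy_hostname(buf, sizeof buf, longname));
    printf("normal name: %d\n", copy_hostname(buf, sizeof buf, "server1.example.com"));
    return 0;
}
```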
    


