cqure.net.20020521.netware_nwftpd_fmtstr

From: Patrik Karlsson (patrikat_private)
Date: Tue Jun 25 2002 - 12:52:57 PDT

    cqure.net Security Vulnerability Report
    No: cqure.net.20020521.netware_nwftpd_fmtstr
    ============================================
    
    Vulnerability Summary
    ---------------------
    Problem:                The Netware FTP server has a DOS
                            vulnerability.
    
    Threat:                 An attacker could cause the FTP server
                            to ABEND resulting in a DOS where the
                            whole server has to be restarted to
                            regain full functionality.
    
    Affected Software:      Novell Netware FTP server.
    
    Platforms:              Netware 6.0 verified SP 1 + NWFTPD update.
    
    Solutions:              Install patches from Novell as soon as
                            they become available.
    
    
    Vulnerability Description
    -------------------------
    The Netware FTP server has a format string condition which can be
    triggered by issuing format strings as the login username. This will
    cause the server to ABEND. For the FTP server to regain full
    functionality a complete reboot has to be done.
    
    Additional Information
    ----------------------
    Novell was contacted 20020521.
    
    This vulnerability was found by
    Patrik Karlsson & Jonas Ländin
    patrikat_private
    jonasat_private
    
    This document is also available at: http://www.cqure.net/advisories/
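
The bug class named in the Vulnerability Description, shown from the fixing side as an added example; this is not NWFTPD code (the advisory does not show the server's source). The function names and the log text are hypothetical. It formats a client-supplied username only as an argument to a constant format string, and counts printf conversion directives in a username so such logins can be rejected or flagged.

```c
#include <stdio.h>
#include <string.h>

/* Bug class (shown as a comment only, never compiled or called here):
 *     snprintf(line, sizeof line, user);
 * The client-supplied name is the format argument, so any directives in it
 * are interpreted against arguments that were never passed.
 */

/* Hardened form (hypothetical helper): the username is only ever data for a
 * constant format. Returns 0 on success, -1 on bad arguments or truncation. */
int log_login(char *line, size_t n, const char *user)
{
    if (line == NULL || user == NULL || n == 0)
        return -1;
    int w = snprintf(line, n, "USER login attempt: \"%s\"", user);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Detection / input policy (hypothetical helper): count printf conversion
 * directives in a username. "%%" is a literal percent and is not counted. */
int count_format_directives(const char *s)
{
    int found = 0;
    while (*s) {
        if (*s++ != '%')
            continue;
        if (*s == '%') {                       /* literal "%%" */
            s++;
            continue;
        }
        s += strspn(s, "-+ #0");               /* flags */
        s += strspn(s, "0123456789*$");        /* width or positional index */
        if (*s == '.') {                       /* precision */
            s++;
            s += strspn(s, "0123456789*");
        }
        s += strspn(s, "hlLqjzt");             /* length modifiers */
        if (*s && strchr("diouxXeEfgGaAcspn", *s)) {
            found++;
            s++;
        }
    }
    return found;
}
```
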
    