Submit a Story      Security   FAQ    Resources    Certification    Links    Calendar    Forum    Polls    Search      

Welcome to abeNd.org - Novell News for IT Professionals Friday, May 18 2012 @ 04:20 AM CDT
User Functions
:

:

Don't have an account yet? Sign up as a New User
Lost your password?

What's New
STORIES
No new stories

COMMENTS last 2 days
No new comments

TRACKBACKS last 2 days
No new trackback comments

LINKS last 2 weeks
No recent new links


Who's Online
Guest Users: 6

Live Novell Chat
Live Novell Chat

Topics
Home
Poll posts (1/0)
Way Off Topic! (1/0)
Contracting (2/0)
FAQ (1/0)
NetWare (51/0)
Certification (32/0)
NDS/eDir (20/0)
Administration (78/0)
GroupWise (146/0)
Linux/Open Source (311/0)
Resources (21/0)
General News (911/0)
Security (296/0)

Poll
Have you deployed ZCM 11 SP2 yet?
Yes - on Linux
Yes - on Windows
Yes - with the .OVA
No - just waiting a week
No - still on ZCM 10
No - still on ZenWorks 7
No - still on ZenWorks 6 or earlier
No - not a ZenWorks user
Results
16 votes | 0 comments

Microsoft Security


 [SA43431] Novell Netware XNFS.NLM "xdrDecodeString()" Buffer Overflow Vulnerability    
 Author:  kkbass
 Dated:  Monday, March 14 2011 @ 08:00 AM CDT
 Viewed:  1,094 times  
SecuritySECUNIA ADVISORY ID:
SA43431

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/43431/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=43431

RELEASE DATE:
2011-03-13

DISCUSS ADVISORY:
http://secunia.com/advisories/43431/#comments

DESCRIPTION:
A vulnerability has been reported in Novell Netware, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the
"xdrDecodeString()" function in the XNFS.NLM component when handling
a NFS RPC request. This can be exploited to cause a stack-based
buffer overflow by sending a specially crafted RPC request to port
1234/UDP.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in all 6.5 versions.

SOLUTION:
Apply patch.

Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/

PROVIDED AND/OR DISCOVERED BY:
Francis Provencher, Protek Research Labs via ZDI.

ORIGINAL ADVISORY:
Novell:
http://download.novell.com/Download?buildid=1z3z-OsVCiE~

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-11-090/



What's Related
  • http://secunia.com/advi...
  • https://ca.secunia.com/...
  • http://secunia.com/advi...
  • http://secunia.com/prod...
  • http://download.novell....
  • http://www.zerodayiniti...
  • More by kkbass
  • More from Security

    		•
    Story Options
  • Mail Story to a Friend
  • Printable Story Format

    • Trackback

    Trackback URL for this entry: http://www.abend.org/trackback.php/2011031408003511

    No trackback comments for this entry.
    [SA43431] Novell Netware XNFS.NLM "xdrDecodeString()" Buffer Overflow Vulnerability | 0 comments | Create New Account
    The following comments are owned by whomever posted them. This site is not responsible for what they say.
     Copyright © 2012 abeNd.org
     All trademarks and copyrights on this page are owned by their respective owners.    		 Powered By GeekLog
    Created this page in 0.08 seconds