Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Networking Stack (NetWare)  >   Netware Remote Manager Vendors:   Novell
Novell Netware Remote Manager Buffer Overlow Lets Remote Users Crash the Manager and Possibly Execute Arbitrary Code
SecurityTracker Alert ID:  1003947
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 2 2002
Impact:   Denial of service via network, Execution of arbitrary code via network

Version(s): 6
Description:   iXsecurity reported a buffer overflow vulnerability in the Netware 6 Remote Manager. A remote user can cause the server to crash or possibly to execute arbitrary code.

It is reported that a remote user could cause the HTTPSTK.NLM or SERVER.NLM to ABEND by sending a long username or password to the manager's secure web interface on port 8009 (default configuration). According to the report, it may be possible to execute arbitrary code (the remote user can cause the EAX register to be overwritten with arbitrary data), but this has not been confirmed.

The vendor has reportedly been notified.

Impact:   A remote user can cause certain services to crash. A remote user may be able to cause arbitrary code to be executed on the system, but this has not been confirmed.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS Comments:  Netware 6, 6 SP1

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Patch) Re: Novell Netware Remote Manager Buffer Overlow Lets Remote Users Crash the Manager and Possibly Execute Arbitrary Code
The vendor has issued a patch.

 Source Message Contents

Subject:  iXsecurity.20020313.nw6remotemanager.a

iXsecurity Security Vulnerability Report
No: iXsecurity.20020313.nw6remotemanager.a

Vulnerability Summary
Problem:                The Netware 6 Remote Manager, which is a
                        web-based interface for managing the
                        server, has a buffer overflow condition.

Threat:                 An attacker could cause the HTTPSTK.NLM
                        or SERVER.NLM to ABEND, or possibly execute
                        arbitrary code.

Affected Software:      Netware 6 Remote Manager.

Platform:               Netware 6 and Netware 6 SP1.

Solution:               Install the patch for Netware 6 Remote
                        manager, whenever Novell decide to publish
                        it, or disable the NLM.

Vulnerability Description
The Netware 6 Remote Manager listens to port 8009 by default and is
to be accessed using a SSL capable webbrowser. The NLM handling this
is the HTTPSTK.NLM. The buffer overflow condition occures when the
basic authentication fields are supplied with a long username or
password. Depending on the length of the username and/or password
supplied, there server will ABEND in either the SERVER.NLM or the
HTTPSTK.NLM. The first condition occurs when the server is trying to
free memory which has been overwritten by the username. Eg. The
server is trying to free 0x00000041, when the buffer has been
filled with 595 'A's. This abend occurs in the SERVER.NLM.
The second condition is within the HTTPSTK.NLM itself and occurs
in a CMP where the EAX register contains 0x41414141. It is triggered
by 626 characters. Supplying even more characters > 1565 the browser
will respond with document contains no data, however the server will
not ABEND. We have not dug deeper in to the conditions to see if they
are exploitable or not.

Additional Information
Novell was contacted 20020314, however they decided not to reply.

This vulnerability was found by


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC