SecurityTracker.com
Category:   Networking Stack (NetWare)  >   Netware Remote Manager
Vendors:   Novell
Novell Netware Remote Manager Buffer Overflow Lets Remote Users Crash the Manager and Possibly Execute Arbitrary Code
SecurityTracker Alert ID:  1003947
SecurityTracker URL:  http://securitytracker.com/id/1003947
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 2 2002
Impact:   Denial of service via network, Execution of arbitrary code via network

Version(s): 6
Description:   iXsecurity reported a buffer overflow vulnerability in the Netware 6 Remote Manager. A remote user can cause the server to crash or possibly to execute arbitrary code.

It is reported that a remote user could cause the HTTPSTK.NLM or SERVER.NLM to ABEND by sending a long username or password to the manager's secure web interface on port 8009 (default configuration). According to the report, it may be possible to execute arbitrary code (the remote user can cause the EAX register to be overwritten with arbitrary data), but this has not been confirmed.

The vendor has reportedly been notified.

Impact:   A remote user can cause certain services to crash. A remote user may be able to cause arbitrary code to be executed on the system, but this has not been confirmed.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.novell.com/
Cause:   Boundary error
Underlying OS Comments:  Netware 6, 6 SP1

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Vendor Issues Patch) Re: Novell Netware Remote Manager Buffer Overflow Lets Remote Users Crash the Manager and Possibly Execute Arbitrary Code
The vendor has issued a patch.



 Source Message Contents

Subject:  iXsecurity.20020313.nw6remotemanager.a


iXsecurity Security Vulnerability Report
No: iXsecurity.20020313.nw6remotemanager.a
==========================================

Vulnerability Summary
---------------------
Problem:                The Netware 6 Remote Manager, which is a
                        web-based interface for managing the
                        server, has a buffer overflow condition.

Threat:                 An attacker could cause the HTTPSTK.NLM
                        or SERVER.NLM to ABEND, or possibly execute
                        arbitrary code.

Affected Software:      Netware 6 Remote Manager.

Platform:               Netware 6 and Netware 6 SP1.

Solution:               Install the patch for Netware 6 Remote
                        manager, whenever Novell decide to publish
                        it, or disable the NLM.

Vulnerability Description
-------------------------
The Netware 6 Remote Manager listens on port 8009 by default and is
to be accessed using an SSL-capable web browser. The NLM handling this
is the HTTPSTK.NLM. The buffer overflow condition occurs when the
basic authentication fields are supplied with a long username or
password. Depending on the length of the username and/or password
supplied, the server will ABEND in either the SERVER.NLM or the
HTTPSTK.NLM. The first condition occurs when the server is trying to
free memory which has been overwritten by the username. E.g. the
server is trying to free 0x00000041, when the buffer has been
filled with 595 'A's. This abend occurs in the SERVER.NLM.
The second condition is within the HTTPSTK.NLM itself and occurs
in a CMP where the EAX register contains 0x41414141. It is triggered
by 626 characters. Supplying even more characters (> 1565), the browser
will respond with "document contains no data"; however, the server will
not ABEND. We have not dug deeper into the conditions to see if they
are exploitable or not.


Additional Information
----------------------
Novell was contacted 20020314, however they decided not to reply.

This vulnerability was found by
patrik.karlsson@ixsecurity.com
jonas.landin@ixsecurity.com
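
Added example (not part of the iXsecurity report and not Novell code): a length check on HTTP Basic credentials of the kind a filtering proxy placed in front of the Remote Manager port could apply before a request reaches HTTPSTK.NLM. The 128-byte limit and the names check_basic_auth and make_header are assumptions; the sample headers are constructed.

```python
import base64
import binascii

# Assumed policy limit, not taken from the advisory: well below the
# 595-character length at which the report first observed an ABEND.
MAX_FIELD_LEN = 128


def check_basic_auth(header_value, max_len=MAX_FIELD_LEN):
    """Return (allow, reason) for the value of an Authorization header."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        return True, "not basic auth"
    token = token.strip()
    # Largest legal payload is user + ':' + password; base64 turns every
    # 3 bytes into 4 characters, so oversized tokens are refused undecoded.
    if len(token) > 4 * ((2 * max_len + 1 + 2) // 3):
        return False, "encoded credentials too long"
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False, "malformed base64"
    user, sep, password = raw.partition(b":")
    if not sep:
        return False, "missing ':' separator"
    if len(user) > max_len:
        return False, f"username length {len(user)} exceeds {max_len}"
    if len(password) > max_len:
        return False, f"password length {len(password)} exceeds {max_len}"
    return True, "ok"


def make_header(user, password):
    """Build a constructed Authorization header value for the samples."""
    return "Basic " + base64.b64encode(user + b":" + password).decode("ascii")


if __name__ == "__main__":
    samples = {
        "normal login": make_header(b"admin", b"secret"),
        "595-byte username (length from the report)": make_header(b"A" * 595, b"x"),
        "200-byte username": make_header(b"A" * 200, b"x"),
        "200-byte password": make_header(b"admin", b"B" * 200),
        "garbage token": "Basic !!!notbase64",
    }
    for label, value in samples.items():
        print(f"{label}: {check_basic_auth(value)}")
```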



 
 



Copyright 2020, SecurityGlobal.net LLC