Novell NetWare Client Has Buffer Overflows in the Resolution of Long Host Names
SecurityTracker Alert ID: 1004239
SecurityTracker URL: http://securitytracker.com/id/1004239
Date: May 8 2002
Execution of arbitrary code via local system
Version(s): Client 4.83
cqure.net reported several buffer overflow vulnerabilities in the Novell NetWare client for Windows. The impact of these vulnerabilities was not stated.
It is reported that buffer overflows can be triggered through commands that invoke name resolution, such as ping, traceroute, rexec, and rsh.
A local user can reportedly execute a ping command with a long hostname to cause an access violation.
The report does not indicate if code execution is feasible or not. It appears that exploitation is limited to the local system. However, a remote user could convince a target (victim) user to execute an affected command to trigger the overflow.
The vendor has reportedly been notified.
The impact appears to be limited to the local execution of arbitrary code which would only yield the same privileges as the local user already had. If a remote user could get a target (victim) user to execute one of the affected commands with a long hostname, the target system could crash. It is not clear if the remote user could cause arbitrary code to be executed to gain access to the target user's system.
No solution was available at the time of this entry.
Vendor URL: www.novell.com/
Underlying OS: Windows (Any)
Source Message Contents
cqure.net Security Vulnerability Report
Problem: Multiple buffer overflow conditions exist in the
Novell Netware client for Windows.
Threat: An attacker could crash any software relying on
name resolution, like ping, traceroute, rexec
Affected Software: Novell Netware Client 4.83.
Platform: Windows 2000/XP verified.
If one would run the command ping with a long hostname an access
violation would occur. Depending on the length of the hostname the
program will crash in different locations. This might be interesting
in a WTS or Citrix environment. We have looked very briefly at the
problem and therefore can't comment on the impact of this issue.
Install patch from Novell as soon as it becomes available.
Novell was contacted 20020412.
This vulnerability was found and researched by
This document is also available at: http://www.cqure.net/advisories/