SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Networking Stack (NetWare)  >   NetWare Vendors:   Novell
Novell NetWare Client Has Buffer Overflows in the Resolution of Long Host Names
SecurityTracker Alert ID:  1004239
SecurityTracker URL:  http://securitytracker.com/id/1004239
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 8 2002
Impact:   Execution of arbitrary code via local system

Version(s): Client 4.83
Description:   cqure.net reported several buffer overflow vulnerabilities in the Novell NetWare client for Windows. The impact of these vulnerabilities was not stated.

It is reported that buffer overflows can be triggered through commands that invoke name resolution, such as ping, traceroute, rexec, and rsh.

A local user can can reportedly execute a ping command with a long hostname to cause an access violation to occur.

The report does not indicate if code execution is feasible or not. It appears that exploitation is limited to the local system. However, a remote user could convince a target (victim) user to execute an affected command to trigger the overflow.

The vendor has reportedly been notified.

Impact:   The impact appears to be limited to the local execution of arbitrary code which would only yield the same privileges as the local user already had. If a remote user could get a target (victim) user to execute one of the affected commands with a long hostname, the target system could crash. It is not clear if the remote user could cause arbitrary code to be executed to gain access to the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.novell.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  cqure.net.20020412.netware_client.a



cqure.net Security Vulnerability Report
No: cqure.net.20020412.netware_client.a
========================================

Vulnerability Summary
---------------------
Problem:           Multiple buffer overflow conditions exist in the
                   Novell Netware client for Windows.

Threat:            An attacker could crash any software relying on
                   name resolution, like ping, traceroute, rexec
                   and rsh.

Affected Software: Novell Netware Client 4.83.

Platform:          Windows 2000/XP verified.

Vulnerability Description
-------------------------
If one would run the command ping with a long hostname an access
violation would occur. Depending on the length of the hostname the
program will crash in different locations. This might be interesting
in a WTS or Citrix environment. We have looked very briefly at the
problem and therefore can't comment on the impact of this issue.

Solution
--------
Install patch from Novell as soon as it becomes available.

Additional Information
----------------------
Novell was contacted 20020412.

This vulnerability was found and researched by
patrik.karlsson@se.pwcglobal.com
jonas.landin@ixsecurity.com

This document is also available at: http://www.cqure.net/advisories/


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC