NetWare CIFS and AFP Protocol Processing Flaws Let Remote Users Deny Service - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Generic) > NetWare

Vendors: Novell

NetWare CIFS and AFP Protocol Processing Flaws Let Remote Users Deny Service

SecurityTracker Alert ID: 1023400

SecurityTracker URL: http://securitytracker.com/id/1023400

CVE Reference: CVE-2010-0317 (Links to External Site)

Updated: Jan 19 2010

Original Entry Date: Jan 6 2010

Impact: Denial of service via network

Exploit Included: Yes

Version(s): 6.5 SP8

Description: A vulnerability was reported in NetWare. A remote user can cause denial of service conditions.

A remote user can send a large number of specially crafted requests via CIFS or AFP to cause the target service to consume excessive memory and eventually cause the target server to crash.

The following module versions are affected:

CIFS.nlm Semantic Agent (Build 163 MP)
Version 3.27 November 13, 2008

AFPTCP.nlm Build 163 SP
Version 3.27 November 13, 2008

The vendor was notified on December 21, 2009.

The advisory is available at:

http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html

Francis Provencher of Protek Research Lab reported this vulnerability.

Impact: A remote user can cause the target server to crash.

Solution: No solution was available at the time of this entry.

Vendor URL: www.novell.com/ (Links to External Site)

Cause: Resource error

Message History: None.

Source Message Contents


[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2020, SecurityGlobal.net LLC