NetWare CIFS and AFP Protocol Processing Flaws Let Remote Users Deny Service
|
SecurityTracker Alert ID: 1023400 |
SecurityTracker URL: http://securitytracker.com/id/1023400
|
CVE Reference:
CVE-2010-0317
(Links to External Site)
|
Updated: Jan 19 2010
|
Original Entry Date: Jan 6 2010
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): 6.5 SP8
|
Description:
A vulnerability was reported in NetWare. A remote user can cause denial of service conditions.
A remote user can send a large number of specially crafted requests via CIFS or AFP to cause the target service to consume excessive memory and eventually cause the target server to crash.
The following module versions are affected:
CIFS.nlm Semantic Agent (Build 163 MP)
Version 3.27 November 13, 2008
AFPTCP.nlm Build 163 SP
Version 3.27 November 13, 2008
The vendor was notified on December 21, 2009.
The advisory is available at:
http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html
Francis Provencher of Protek Research Lab reported this vulnerability.
|
Impact:
A remote user can cause the target server to crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.novell.com/ (Links to External Site)
|
Cause:
Resource error
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|