Skip to main content

Novell NetWare "CIFS.NLM" SMB Request Buffer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 18 Jun 2010 5420 Views

RISK: Medium Risk

A vulnerability has been identified in Novell NetWare, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error in the "CIFS.NLM" driver when processing SMB "Sessions Setup AndX" packets containing an overly long "AccountName" field, which could be exploited by remote unauthenticated attackers to crash an affected system or execute arbitrary code with elevated privileges.


Impact

  • Remote Code Execution

System / Technologies affected

  • Novell NetWare version 6.5 SP8 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply patch :
http://download.novell.com/Download?buildid=tMWCI1cdI7s~


Vulnerability Identifier

  • No CVE information is available

Source


Related Link