Skip to main content

Novell NetWare XNFS "xdrDecodeString()" Code Execution Vulnerability

Last Update Date: 25 Feb 2011 16:38 Release Date: 25 Feb 2011 6373 Views

RISK: High Risk

TYPE: Operating Systems - Others OS

TYPE: Others OS

A vulnerability has been identified in Novell NetWare, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by an input validation error in the "xdrDecodeString()" function within the "XNFS.NLM" component when handling RPC requests sent to port 1234/UDP, which could be exploited by remote unauthenticated attackers to crash an affected service or execute arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • Novell NetWare version 6.5 SP8 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

  • Apply patch :

http://download.novell.com/Download?buildid=1z3z-OsVCiE~


Vulnerability Identifier


Source


Related Link