Netware 5.1 Remote Administration Buffer Overflow Vulnerability

BID:1118

Info

Netware 5.1 Remote Administration Buffer Overflow Vulnerability

Bugtraq ID: 1118
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: Yes
Published: Apr 19 2000 12:00AM
Updated: Apr 19 2000 12:00AM
Credit: Posted to Bugtraq on April 19, 2000 by Michal Zalewski <[email protected]>.
Vulnerable: Novell Netware 5.1
Not Vulnerable:

Discussion

Netware 5.1 Remote Administration Buffer Overflow Vulnerability

The Netware Remote Administration utility can be compromised to allow arbitrary code to be remotely run on the server.

The Remote Administration server is basically a simple webserver, and if sent a GET request of between 4 and 8 kb, some of the data gets written to executable registers.

Even without executable code being sent, this can lead to a DoS as although the server will not crash, the connection will not be aborted or cleaned. Therefore, these failed requests can be made repeatedly until the TCP/IP subsystem will no longer accept connection requests.

Exploit / POC

Netware 5.1 Remote Administration Buffer Overflow Vulnerability

This exploit will not run code on the target server, but will repeat the large request until the server's TCP/IP stack fails.

Solution / Fix

Netware 5.1 Remote Administration Buffer Overflow Vulnerability

Solution:
Customers can now download the fix at http://support.novell.com/search/ff_index.htm and search for a file called PORTAL1A.EXE. This fix will also be in the next (actually first) NetWare 5.1 support pack, available soon.

The fix contains an update to the httpstk.nlm which did not handle the buffer overflow condition and hence did abend the server.

References

Netware 5.1 Remote Administration Buffer Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report