Netware 5.1 Remote Administration Buffer Overflow Vulnerability
BID:1118
Info
Netware 5.1 Remote Administration Buffer Overflow Vulnerability
| Bugtraq ID: | 1118 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 19 2000 12:00AM |
| Updated: | Apr 19 2000 12:00AM |
| Credit: | Posted to Bugtraq on April 19, 2000 by Michal Zalewski <[email protected]>. |
| Vulnerable: |
Novell Netware 5.1 |
| Not Vulnerable: | |
Discussion
Netware 5.1 Remote Administration Buffer Overflow Vulnerability
The Netware Remote Administration utility can be compromised to allow arbitrary code to be remotely run on the server.
The Remote Administration server is basically a simple webserver, and if sent a GET request of between 4 and 8 kb, some of the data gets written to executable registers.
Even without executable code being sent, this can lead to a DoS as although the server will not crash, the connection will not be aborted or cleaned. Therefore, these failed requests can be made repeatedly until the TCP/IP subsystem will no longer accept connection requests.
The Netware Remote Administration utility can be compromised to allow arbitrary code to be remotely run on the server.
The Remote Administration server is basically a simple webserver, and if sent a GET request of between 4 and 8 kb, some of the data gets written to executable registers.
Even without executable code being sent, this can lead to a DoS as although the server will not crash, the connection will not be aborted or cleaned. Therefore, these failed requests can be made repeatedly until the TCP/IP subsystem will no longer accept connection requests.
Exploit / POC
Netware 5.1 Remote Administration Buffer Overflow Vulnerability
This exploit will not run code on the target server, but will repeat the large request until the server's TCP/IP stack fails.
This exploit will not run code on the target server, but will repeat the large request until the server's TCP/IP stack fails.
Solution / Fix
Netware 5.1 Remote Administration Buffer Overflow Vulnerability
Solution:
Customers can now download the fix at http://support.novell.com/search/ff_index.htm and search for a file called PORTAL1A.EXE. This fix will also be in the next (actually first) NetWare 5.1 support pack, available soon.
The fix contains an update to the httpstk.nlm which did not handle the buffer overflow condition and hence did abend the server.
Solution:
Customers can now download the fix at http://support.novell.com/search/ff_index.htm and search for a file called PORTAL1A.EXE. This fix will also be in the next (actually first) NetWare 5.1 support pack, available soon.
The fix contains an update to the httpstk.nlm which did not handle the buffer overflow condition and hence did abend the server.
References
Netware 5.1 Remote Administration Buffer Overflow Vulnerability
References:
References: