Novell NetWare Remote Manager httpstk.nlm Multiple Field Remote Overflow

2002-04-02T05:56:57
ID OSVDB:19752
Type osvdb
Reporter Patrik Karlsson (patrik.karlsson@ixsecurity.com)
Modified 2002-04-02T05:56:57

Description

Vulnerability Description

A remote overflow exists in Novell NetWare. The 'HTTPSTK.NLM' module of the NetWare Remote Manager fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can execute arbitrary code, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.

References:

Vendor URL: http://www.novell.com/
Vendor Specific Advisory URL
Security Tracker: 1004013
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0001.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0088.html
ISS X-Force ID: 8736
CVE-2002-2096
Bugtraq ID: 4405