Novell NetWare Remote Manager httpstk.nlm Multiple Field Remote Overflow
2002-04-02T05:56:57
ID OSVDB:19752 Type osvdb Reporter Patrik Karlsson(patrik.karlsson@ixsecurity.com) Modified 2002-04-02T05:56:57
Description
Vulnerability Description
A remote overflow exists in Novell NetWare. The 'HTTPSTK.NLM' module of the NetWare Remote Manager fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
Solution Description
Currently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.
Short Description
A remote overflow exists in Novell NetWare. The 'HTTPSTK.NLM' module of the NetWare Remote Manager fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
References:
Vendor URL: http://www.novell.com/
Vendor Specific Advisory URL
Security Tracker: 1004013
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0001.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0088.html
ISS X-Force ID: 8736
CVE-2002-2096
Bugtraq ID: 4405
{"enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2017-04-28T13:20:16", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-2096"]}], "modified": "2017-04-28T13:20:16", "rev": 2}, "vulnersScore": 7.2}, "bulletinFamily": "software", "affectedSoftware": [{"name": "Novell NetWare", "operator": "eq", "version": "5.1"}, {"name": "Novell NetWare", "operator": "eq", "version": "6 Support Pack 1"}], "references": [], "href": "https://vulners.com/osvdb/OSVDB:19752", "id": "OSVDB:19752", "title": "Novell NetWare Remote Manager httpstk.nlm Multiple Field Remote Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "lastseen": "2017-04-28T13:20:16", "edition": 1, "reporter": "Patrik Karlsson(patrik.karlsson@ixsecurity.com)", "description": "## Vulnerability Description\nA remote overflow exists in Novell NetWare. The 'HTTPSTK.NLM' module of the NetWare Remote Manager fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Novell has released a patch to address this vulnerability.\n## Short Description\nA remote overflow exists in Novell NetWare. The 'HTTPSTK.NLM' module of the NetWare Remote Manager fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://www.novell.com/\n[Vendor Specific Advisory URL](http://support.novell.com/servlet/tidfinder/2962026)\nSecurity Tracker: 1004013\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0001.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-04/0088.html\nISS X-Force ID: 8736\n[CVE-2002-2096](https://vulners.com/cve/CVE-2002-2096)\nBugtraq ID: 4405\n", "modified": "2002-04-02T05:56:57", "viewCount": 1, "published": "2002-04-02T05:56:57", "cvelist": ["CVE-2002-2096"], "immutableFields": []}