Novell NetWare Web Server CGI2PERL.NLM PERL Handler Overflow

2003-07-23T09:17:46
ID OSVDB:2310
Type osvdb
Reporter Protego(), Uffe Nielsen(uni@protego.dk)
Modified 2003-07-23T09:17:46

Description

Vulnerability Description

A remote overflow exists in Netware Webserver. The Netware Webserver fails to limit the amount of data sumitted to the perl interpreter through the perl virtual directory resulting in a buffer overflow. With a specially crafted request, an attacker can cause an overflow resulting in a loss of availability.

Solution Description

Upgrade to version Netware 6 SP3 or higher, as it has been reported to fix this vulnerability. In addition, Novell has released a patch for some older versions.

Short Description

A remote overflow exists in Netware Webserver. The Netware Webserver fails to limit the amount of data sumitted to the perl interpreter through the perl virtual directory resulting in a buffer overflow. With a specially crafted request, an attacker can cause an overflow resulting in a loss of availability.

Manual Testing Notes

http://[victim]/perl/aaaaaa...[Unspecified number of characters]

References:

Vendor Specific Solution URL: http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966549.htm Other Advisory URL: http://www.protego.dk/advisories/200301.html CVE-2003-0562 CERT VU: 185593