netscape.netware.txt

Date: 27 Jun 2000
Reported by: Vigilante
Type: packetstorm
Source: packetstormsecurity.com

Netscape Enterprise Server for NetWare vulnerable to denial of service via malformed URLs.

`Netscape Enterprise Server for NetWare Virtual Directory Vulnerability  
  
Advisory Code: VIGILANTE-2000001  
  
Release Date:  
June 26, 2000  
  
Systems Affected:  
NetWare 5.1 prior to support pack 1  
NetWare 5.0 - all support packs  
Possibly older versions of NetWare as well (not tested)  
  
THE PROBLEM  
By issuing a malformed URL it is possible to cause a denial of service  
situation and/or execute arbitrary code on the server with the privileges of  
the web server. Here is a snippet from the log file to  
illustrate.  
  
Server XXXXXXXX halted XXXXX, XX March 2000 13.13.00  
Abend 8 on P00: Server-5.00d: Page Fault Processor Exception (Error code  
00000000)  
  
Registers:  
CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0010 SS = 0010  
EAX = 00000000 EBX = 61616161 ECX = 00000000 EDX = D6C175C0  
ESI = 61616161 EDI = 61616161 EBP = 61616161 ESP = D48F2F94  
EIP = 61616161 FLAGS = 00010286  
Address (61616161) exceeds valid memory limit  
EIP in UNKNOWN memory area  
Access Location: 0x61616161  
  
Running process: NS Web Thread 7 Process  
Created by: NetWare Application  
Thread Owned by NLM: NSHTTPD.NLM  
Stack pointer: D48F31B4  
OS Stack limit: D48E3480  
Scheduling priority: 67371008  
Wait state: 5050090 (Wait for interrupt)  
Stack: --61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
--61616161 ?  
  
The immediate effect of the problem if abused as denial of service is that  
all "executables" cease to respond, that is, /cgi-bin/, /lcgi/, /netbasic/,  
/perl/ etc., but as you can see, the EIP has been overwritten as well as the  
entire stack.  
  
Vendor Status:  
Informed around the beginning of April this year  
  
Fix:  
Novell has released a patch included in NetWare 5.1 Support Pack 1.  
Export(56 bit) URL:  
http://support.novell.com/cgi-bin/search/tidfinder.cgi?2956734  
Domestic(128 bit) URL:  
http://support.novell.com/cgi-bin/search/tidfinder.cgi?2956733  
  
Vendor URL: http://www.novell.com  
Program URL: http://www.novell.com/products/netscape_servers/  
  
Copyright VIGILANTe 2000-06-26  
  
Disclaimer:  
The information within this document may change without notice. Use of  
this information constitutes acceptance for use in an AS IS  
condition. There are NO warranties with regard to this information.  
In no event shall the author be liable for any consequences whatsoever  
arising out of or in connection with the use or spread of this  
information. Any use of this information lies within the user's  
responsibility.  
  
Feedback:  
Please send suggestions, updates, and comments to:  
  
VIGILANTe  
mailto: [email protected]  
http://www.vigilante.com  
  
`
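A triage check for abend logs like the one in the advisory, as an added example (not code from VIGILANTe or Novell): it extracts the general registers and stack dwords and flags values made of one repeated printable byte, the sign that request data overwrote saved state. The log excerpt is taken from the advisory with the stack lines trimmed; the function names are this example's own.

```python
import re

# Excerpt of the abend log quoted in the advisory (stack lines trimmed).
ABEND_LOG = """\
Abend 8 on P00: Server-5.00d: Page Fault Processor Exception (Error code
00000000)
Registers:
CS = 0008 DS = 0010 ES = 0010 FS = 0010 GS = 0010 SS = 0010
EAX = 00000000 EBX = 61616161 ECX = 00000000 EDX = D6C175C0
ESI = 61616161 EDI = 61616161 EBP = 61616161 ESP = D48F2F94
EIP = 61616161 FLAGS = 00010286
Running process: NS Web Thread 7 Process
Thread Owned by NLM: NSHTTPD.NLM
Stack: --61616161 ?
--61616161 ?
--61616161 ?
"""

# 32-bit general registers plus EIP; segment registers and FLAGS are skipped.
REG_RE = re.compile(r"\b(E[A-D]X|E[SD]I|E[BS]P|EIP)\s*=\s*([0-9A-Fa-f]{8})\b")
STACK_RE = re.compile(r"--([0-9A-Fa-f]{8})\b")
NLM_RE = re.compile(r"Thread Owned by NLM:\s*(\S+)")


def is_filler(dword_hex):
    """True when all four bytes are the same printable ASCII character."""
    raw = bytes.fromhex(dword_hex)
    # The printable check keeps zeroed registers (00000000) from matching.
    return len(set(raw)) == 1 and 0x20 <= raw[0] <= 0x7E


def triage_abend(text):
    """Summarise which saved values in an abend log hold filler data."""
    regs = dict(REG_RE.findall(text))
    stack = STACK_RE.findall(text)
    nlm = NLM_RE.search(text)
    tainted = sorted(r for r, v in regs.items() if is_filler(v))
    return {
        "nlm": nlm.group(1) if nlm else None,
        "tainted_registers": tainted,
        "eip_overwritten": "EIP" in tainted,
        "stack_filler_dwords": sum(is_filler(v) for v in stack),
        "filler_char": chr(int(regs["EIP"][:2], 16)) if "EIP" in tainted else None,
    }


if __name__ == "__main__":
    print(triage_abend(ABEND_LOG))
```

An abend in NSHTTPD.NLM with EIP flagged this way on an unpatched server is a reason to check the web server's access log for oversized or malformed URLs around the halt time and to apply the support pack named under Fix.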

Vulners AI Score: 7.4 (High risk)