SuSE 10 Security Update : pure-ftpd, pure-ftpd-debuginfo (ZYPP Patch Number 7724)

The OES Netware add-ons in pure-ftpd had a security problem and some bugs, which are fixed by this update. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. CVE-2011-3171 Additionally the following bugs have been...

SuSE 11.1 Security Update : pure-ftpd (SAT Patch Number 5091)

The OES Netware add-ons in pure-ftpd had a security problem and some bugs, which are fixed by this update. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. CVE-2011-3171 Additionally the following bugs have been...

CVE-2011-4191

Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service abend or NFS outage via long packets...

CVE-2011-4191

CVE-2011-4191 describes a stack-based (XNFS.NLM) buffer overflow in Novell NetWare 6.5 SP8’s xdrDecodeString, allowing remote attackers to execute arbitrary code or trigger a denial of service via crafted long packets. Connected sources reinforce the same description across Red Hat, Checkpoint ad...

CVE-2011-4191

Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service abend or NFS outage via long packets...

Novell Netware "XNFS.NLM"组件"xdrDecodeString()"远程缓冲区溢出漏洞

BUGTRAQ ID: 50804 CVE ID: CVE-2011-4191 Novell Netware是一款商业性质的网络操作系统。 Novell Netware在处理某些NFS请求时，XNFS.NLM中的"xdrDecodeString"函数在实现上存在错误，可被恶意用户通过发送特制的数据报造成栈缓冲区溢出，执行任意代码，控制受影响系统。 Novell Netware 6.5.0 SP8 厂商补丁： Novell ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://support.novell.com/security-alerts...

Directory traversal

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors...

CVE-2011-3171

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors...

CVE-2011-3171

Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors...

CVE-2011-3171

CVE-2011-3171 affects pure-ftpd with the Netware OES remote server feature enabled, on SUSE Linux Enterprise Server (and possibly other OSes). The issue is a directory traversal that allows local users to overwrite arbitrary files via unknown vectors. Affected component is the OES Netware add-ons...

SuSE 10 Security Update : pure-ftpd (ZYPP Patch Number 7723)

The OES Netware add-ons in pure-ftpd had a security problem and some bugs, which are fixed by this update. A local attacker could overwrite local files when the OES remote server feature of pure-ftpd is enabled due to a directory traversal. CVE-2011-3171 Additionally the following bugs have been...

Novell NetWare 6.5 OpenSSH Remote Stack Buffer Overflow

The version of OpenSSH running on the remote Novell NetWare host has a stack-based buffer overflow vulnerability. When attempting to resolve an absolute path on the server, data is copied into a 512 byte buffer without any bounds checking. A remote, authenticated attacker could exploit this to...

Novell NetWare 6.5 Support Pack 1.1 Admin/Install Local Information Disclosure

According to the list of enumerated software packages, the version of Novel NetWare installed on the remote host may have an information disclosure vulnerability. Admin/install passwords are stored in the NIOUTPUT.TXT and NI.LOG installation log files. A local attacker could exploit this to gain...

Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2

Luigi Auriemma Application: Novell ZenWorks Handheld Management http://www.novell.com/products/zenworks/handhelds/ Versions: = 7.0.2.61213 Platforms: Windows, Linux, NetWare Bug: upload directory traversal Exploitation: remote, versus server Date: 27 Jun 2011 found 25 Apr 2011 Author: Luigi...

Off-by-one in Sybase Advantage Server 10.0.0.3

Luigi Auriemma Application: Sybase Advantage Server http://www.sybase.com/products/databasemanagement/advantagedatabaseserver Versions: = 10.0.0.3 Platforms: Windows, NetWare, Linux Bug: off-by-one Exploitation: remote, versus server Date: 27 Jun 2011 found 29 Oct 2010 Author: Luigi Auriemma...

Sybase Advantage Server 10.0.0.3 - ADS Process Off-by-One Buffer Overflow

Sybase Advantage Server 10.0.0.3 - ADS Process Off-by-One Buffer Overflow source: https://www.securityfocus.com/bid/48464/info Sybase Advantage Server is prone to an off-by-one buffer-overflow vulnerability. Attackers may exploit this issue to execute arbitrary code within the context of the...

Sybase Advantage Server 10.0.0.3 - 'ADS' Process Off-by-One Buffer Overflow

source: https://www.securityfocus.com/bid/48464/info Sybase Advantage Server is prone to an off-by-one buffer-overflow vulnerability. Attackers may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts may result in a denial-of-servic...

broadcast-novell-locate NSE Script

Attempts to use the Service Location Protocol to discover Novell NetWare Core Protocol NCP servers. Example Usage nmap -sV --script=broadcast-novell-locate Script Output Pre-scan script results: | broadcast-novell-locate: | Tree name: CQURE-LABTREE | Server name: linux-l84t | Addresses |...

Novell Netware XNFS.NLM Stack Buffer Overflow (CVE-2010-4227)

Novell Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. A stack buffer overflow vulnerability exists in Novell Netware product. A remote attacker could trigger this flaw by sending a malicious NFS RPC request to the...

Novell Netware AFP Remote Denial of Service

Novell Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. A denial of service vulnerability exists in Novell Netware. An attacker could consistently attack a target system, making it difficult, or impossible, to use t...