Lucene search
RootSSV:19361HistoryMar 30, 2010 - 12:00 a.m.
Novell Netware FTP Remote Stack Overflow
2010-03-3000:00:00
Root
www.seebug.org
12
0.309 Low
EPSS
Percentile
96.5%
No description provided by source.
#####################################################################################
Application: Novell Netware FTP Remote Stack Overflow
Platforms: Novell Netware 6.5 SP8
Exploitation: Remote Code Execution
CVE Number: CVE-2010-0625
Novell TID: 3238588
Discover Date: 2009-07-23
Author: Francis Provencher (Protek Research Lab's)
Blog: http://www.protekresearchlab.com/
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) The Code
#####################################################################################
===============
1) Introduction
===============
Novell, Inc. is a global software and services company based in
Waltham, Massachusetts. The company specializes in enterprise
operating systems, such as SUSE
Linux Enterprise and Novell NetWare; identity, security, and systems
management solutions; and collaboration solutions, such as Novell
Groupwise and Novell
Pulse.
Novell was instrumental in making the Utah Valley a focus for
technology and software development. Novell technology contributed to
the emergence of local
area networks, which displaced the dominant mainframe computing model
and changed computing worldwide. Today, a primary focus of the company
is on developing
open source software for enterprise clients.
(http://en.wikipedia.org/wiki/Novell)
#####################################################################################
============================
2) Report Timeline
============================
2010-01-25 Vendor Contact
2010-01-26 Vendor repsonse
2010-03-26 Coordinate release of this advisory
#####################################################################################
============================
3) Technical details
============================
It's possible to overflow the stack and rewrite the EIP by sending a
mkdir and a rmdir request with these special caracters "~A/" 320 time.
The nlm version;
NWFTPD.nlm
Netware FTP Server
Version 5.09.03 October 14 2008
The register;
Abend 1 on P00: Server-5.70.08: Page Fault Processor Exception (Error
code 00000000)
Registers:
CS = 0008 DS = 0023 ES = 0023 FS = 0023 GS = 0023 SS = 0010
EAX = 00000238 EBX = 7E2F417E ECX = 55AA08D4 EDX = 00000001
ESI = 2F417E2F EDI = 429980C0 EBP = 417E2F41 ESP = A94A9FA4
EIP = 007E2F41 FLAGS = 00010282
Address (0x007E2F41) exceeds valid memory limit
EIP in UNKNOWN memory area
Access Location: 0x007E2F41
#####################################################################################
===========
4) The Code
===========
This issue can be trigger manually
#####################################################################################
(PRL-2010-03)
Related
cve
cve
CVE-2010-0625
2010-04-05 16:30:00
CVE-2010-4228
2011-03-22 17:55:00
checkpoint_advisories
checkpoint_advisories
Novell Netware FTP Server Remote Stack Buffer Overflow (CVE-2010-0625)
2010-05-02 00:00:00
securityvulns
securityvulns
ZDI-10-062: Novell Netware NWFTPD RMD/RNFR/DELE Argument Parsing Remote Code Execution Vulnerabilities
2010-04-06 00:00:00
{PRL} Novell Netware FTP Remote Stack Overflow
2010-03-31 00:00:00
Novell Netware FTP server buffer overflow
2011-03-23 00:00:00
prion
prion
Stack overflow
2010-04-05 16:30:00
Stack overflow
2011-03-22 17:55:00
zdi
zdi