Bugtraq mailing list archives
cqure.net.20020521.netware_nwftpd_fmtstr
From: "Patrik Karlsson" <patrik () cqure net>
Date: Tue, 25 Jun 2002 18:52:57 -0100 (GMT+1)
cqure.net Security Vulnerability Report No: cqure.net.20020521.netware_nwftpd_fmtstr ============================================ Vulnerability Summary --------------------- Problem: The Netware FTP server has a DOS vulnerability. Threat: An attacker could cause the FTP server to ABEND resulting in a DOS where the whole server has to be restarted to regain full functionality. Affected Software: Novell Netware FTP server. Platforms: Netware 6.0 verified SP 1 + NWFTPD update. Solutions: Install patches from Novell as soon as they become available. Vulnerability Description ------------------------- The Netware FTP server has a formatstring condition which can be triggered by issuing format strings as login username. This will cause the server to ABEND. For the FTP server to regain full functionality a complete reboot has to be done. Additional Information ---------------------- Novell was contacted 20020521. This vulnerability was found by Patrik Karlsson & Jonas Ländin patrik () cqure net jonas () cqure net This document is also available at: http://www.cqure.net/advisories/
Current thread:
- cqure.net.20020521.netware_nwftpd_fmtstr Patrik Karlsson (Jun 25)