Full Disclosure mailing list archives
Re: Vulnerabilities in Client Service for NetWare
From: <daylasoul () hush com>
Date: Fri, 17 Nov 2006 00:54:19 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 16 Nov 2006 14:48:25 -0600 El Camino <elcamino74ss () gmail com> wrote:
This isn't AVERT's first published vuln. Most security professionals do list some certs and sigs. Don't take it out on him if you got kicked out of school or can't pass the A+ exam. On 11/16/06, Cyrus Grissom <cyrus_grissom () hushmail com> wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 interesting....i didnt know that avert was in the business of publishing vunls...dont recall seeing any others? first time? i dont remember seeing it in my 'McAfee Avert Labs Threat News'alert? would have been nice... and what the hell is this, "Dave Marcus, B.A., CCNA, MCSE"? are you letting everyone know that you have a bachelor's of arts degree? a "Security Research and Communications Manager" who advertises that he has a ba, a ccna and a mcse...you're such a schmuck....how about a high school diploma, do you want to letusknow about that too? go play with your blog or something...... - -c On Thu, 16 Nov 2006 11:25:38 -0500 David_Marcus () McAfee comwrote:McAfee, Inc. McAfee(r) Avert(r) Labs Security Advisory Public Release Date: 2006-11-16 Vulnerabilities in Client Service for NetWare CVE-2006-4688, CVE-2006-4689________________________________________________________________________ _______ * Synopsis The Client Service for NetWare (CSNW) allows a Windows clienttoaccess NetWare file, print, and directory services. Successful exploitation could lead to execution of arbitrarycodeor cause the affected system to stop responding.________________________________________________________________________ _______ * Vulnerable System or Application Microsoft Windows 2000 Service Pack 4 Microsoft Windows XP Service Pack 2 Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1________________________________________________________________________ _______ * Vulnerability Information CVE-2006-4688 A boundary error in Client Service for Netware (CSNW) can be exploited to cause a buffer overflow via a specially crafted networkmessagesent to the system. Successful exploitation allows execution of arbitrary code and an attacker could remotely take complete control oftheaffected system. CVE-2006-4689 A denial of service vulnerability exists in Client Service for NetWare (CSNW) that could allow an attacker to send a specially crafted network message to an affected system running the Client Service for NetWare service. An attacker could cause the system to stop respondingandautomatically restart thus causing the affected system to stop accepting requests.________________________________________________________________________ _______ * Resolution Microsoft has included fixes for the Client Service for Netware (CSNW) issues in the November 2006 Security Bulletin MS06-066 for affected Windows platforms.________________________________________________________________________ _______ * Credits These vulnerabilities were discovered by Sam Arun Raj of McAfee Avert Labs.________________________________________________________________________ _______ * Legal Notice Copyright (C) 2006 McAfee, Inc. The information contained within this advisory is provided fortheconvenience of McAfee's customers, and may be redistributed provided that no fee is charged for distribution and that the advisoryisnot modified in any way. McAfee makes no representations orwarrantiesregarding the accuracy of the information referenced in this document, or the suitability of that information for your purposes. McAfee, Inc. and McAfee Avert Labs are registered Trademarks of McAfee, Inc. and/or its affiliated companies in the United Statesand/orother Countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. Best regards, Dave Marcus, B.A., CCNA, MCSE Security Research and Communications Manager McAfee(r) Avert(r) Labs (443) 321-3771 Office (443) 668-0048 Mobile McAfee Threat Center <http://www.mcafee.com/us/threat_center/default.asp> McAfee Avert Labs Research Blog <http://www.avertlabs.com/research/blog> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-----BEGIN PGP SIGNATURE----- Note: This signature can be verified athttps://www.hushtools.com/verifyVersion: Hush 2.5wkYEARECAAYFAkVcqU8ACgkQUZmP8t5Ad2MnKgCgqc4gMUcV2fNoWaz7uUEgdX5CfKA An01HkOEaV3XV7SvYimqdujz1FeIX =ccXv -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Please take disagreements, flames, and arguments off the list if possible. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.5 wpwEAQECAAYFAkVdXJsACgkQ3AEcWsxdEQ6bDgQAlXCr782U0wo75AODu9WmQNSlugf4 ocp+ZwhcNZ3CRz3gihDcIR++JqqUQMvpwE+Cl6nU/1j6hRnS4ELQrVRn1nNgg/tcH473 jlI3tDeicLyoNuhHRql9JAiQA2kKHjdO5Go7m0m1rrKkmRCGPiLBlDkigX8RC4Kg1l+x 1FjOrPs= =33G8 -----END PGP SIGNATURE----- Concerned about your privacy? Instantly send FREE secure email, no account required http://www.hushmail.com/send?l=480 Get the best prices on SSL certificates from Hushmail https://www.hushssl.com?l=485 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vulnerabilities in Client Service for NetWare David_Marcus (Nov 16)
- <Possible follow-ups>
- Re: Vulnerabilities in Client Service for NetWare Cyrus Grissom (Nov 16)
- Re: Vulnerabilities in Client Service for NetWare El Camino (Nov 16)
- Re: Vulnerabilities in Client Service for NetWare Dave "No, not that one" Korn (Nov 17)
- Re: Vulnerabilities in Client Service for NetWare daylasoul (Nov 16)
- Re: Vulnerabilities in Client Service for NetWare Dave "No, not that one" Korn (Nov 17)
- Re: Vulnerabilities in Client Service for NetWare daylasoul (Nov 17)
- Re: Vulnerabilities in Client Service for NetWare Dave "No, not that one" Korn (Nov 19)