Firm warns of NetWare security hole

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2002/0404nwpatch.html

By Deni Connor
Network World Fusion, 04/04/02

IT managers of NetWare 5.1 and NetWare 6 networks need to be aware of
a vulnerability in the operating system that makes it subject to
intrusions that could cause the system to crash.

IXSecurity.com, an IT security firm, reported Thursday that NetWare
5.1 and 6 are vulnerable to a buffer overflow condition that could
affect server operation.

Both operating systems can be attacked through the NetWare 6 Remote
Manager utility, also called the Portal NLM (NetWare Loadable Module),
a Web-based server management interface.

With scripts or just the correct combination of keystrokes, intruders
could cause servers to crash or abend (Abnormal End), or they could
execute code on the server.

IXSecurity claims it notified Novell last month about the problem and
Novell failed to respond. IXSecurity suggests that users disable the
NetWare Remote Manager NLM called HTTPSTK.NLM until Novell issues a
patch.

The vulnerability occurs when an intruder enters a username or
password that is too long when prompted by the NetWare Remote Manager
utility.

Novell indicates it will have a patch for this vulnerability as soon
as Friday. The patch, which should be applied to all NetWare 5.1 and 6
servers, can be downloaded from the technical patch site, located at
http://support.novell.com/misc/patlst.htm. The patch will also be
added into the next Novell support pack.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.