OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Patrik Karlsson (patrikcqure.net)
Date: Tue Jun 25 2002 - 14:53:38 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    cqure.net Security Vulnerability Report
    No: cqure.net.20020521.netware_nwftpd_fmtstr
    ============================================

    Vulnerability Summary
    ---------------------
    Problem: The Netware FTP server has a DOS
                            vulnerability.

    Threat: An attacker could cause the FTP server
                            to ABEND resulting in a DOS where the
                            whole server has to be restarted to
                            regain full functionality.

    Affected Software: Novell Netware FTP server.

    Platforms: Netware 6.0 verified SP 1 + NWFTPD update.

    Solutions: Install patches from Novell as soon as
                            they become available.

    Vulnerability Description
    -------------------------
    The Netware FTP server has a formatstring condition which can be
    triggered by issuing format strings as login username. This will
    cause the server to ABEND. For the FTP server to regain full
    functionality a complete reboot has to be done.

    Additional Information
    ----------------------
    Novell was contacted 20020521.

    This vulnerability was found by
    Patrik Karlsson & Jonas Lšndin
    patrikcqure.net
    jonascqure.net

    This document is also available at: http://www.cqure.net/advisories/