Update Protection against Novell Netware FTP Server Remote Stack Buffer Overflow
| Check Point Reference: | CPAI-2010-130 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA39151 | |
| Industry Reference(s): | CVE-2010-0625 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Novell Netware 5.1 Novell Netware 6 Novell Netware 6.5 Novell NetWare FTP Server prior to 5.10.01 | ||
| Vulnerability Description A buffer overflow vulnerability exists in Novell Netware, a network operating system that provides file sharing and other services such as printing and email. The vulnerability is due to a boundary error in NWFTPD.nlm when processing the MKD and RMD FTP commands. Remote authenticated attackers can exploit this vulnerability by sending maliciously crafted commands to the affected server. |
||
|
Update/Patch Available The vendor, Novell, has released an advisory addresing this vulnerability. |
|
|
Vulnerability Details The vulnerability is due to insufficient boundary checks when processing the MKD and RMD FTP commands. Remote authenticated attackers could exploit this vulnerability by connecting to a vulnerable Netware FTP Server and sending a malicious MKD or RMD command to the target server. |
Protection Overview
The protection will detect and block FTP RMD or MKD commands accessing long pathnames starting with a ~ character.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.