Check Point Advisories

Novell NetWare NFS Portmapper RPC Module Stack Overflow

Check Point Reference: CPAI-2009-429
Date Published: 6 Apr 2010
Severity: High
Last Updated: 7 Mar 2017
Protection Provided by:

Security Gateway
R80, R77, R76, R75

Who is Vulnerable?
Vulnerability Description Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. With the inception of the version 3, and the availability of 80386 CPUs, Novell introduced the NLM, or the NetWare Loadable Module architecture. This allowed the dynamic addition and removal of functionality such as antivirus, backup and database programs to the networking environment. It also enabled third party developers to create customized applications for NetWare. Some examples of NLMs are applications such as GroupWise, OS libraries, such as PKERNEL.NLM and utilities such as PING.A buffer overflow vulnerability exists in Novell NetWare NFS Portmapper daemon. The vulnerability is due to a boundary error when handling RPC calls. Unauthenticated attackers can exploit this vulnerability by sending crafted RPC calls to a vulnerable Novell NetWare system.Successful exploitation would allow for arbitrary code injection and execution with the privileges of the vulnerable daemon program. The behavior of the target system is dependent on the malicious code.An unsuccessful code execution attempt can lead to abnormal termination of the vulnerable daemon program, and potentially crash the target system.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R76 / R75

  1. In the IPS tab, click Protections and find the Novell NetWare NFS Portmapper RPC Module Stack Overflow protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:

Attack Name:  SUN-RPC Enforcement Protection.
Attack Information:  Novell NetWare NFS Portmapper RPC Module Stack Overflow

This website uses cookies to ensure you get the best experience. Got it, Thanks! MORE INFO