|Check Point Reference:||CPAI-2009-429|
|Date Published:||6 Apr 2010|
|Last Updated:||7 Mar 2017|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Netware is a network operating system developed by Novell. It provides file sharing and other services such as printing and email. With the inception of the version 3, and the availability of 80386 CPUs, Novell introduced the NLM, or the NetWare Loadable Module architecture. This allowed the dynamic addition and removal of functionality such as antivirus, backup and database programs to the networking environment. It also enabled third party developers to create customized applications for NetWare. Some examples of NLMs are applications such as GroupWise, OS libraries, such as PKERNEL.NLM and utilities such as PING.A buffer overflow vulnerability exists in Novell NetWare NFS Portmapper daemon. The vulnerability is due to a boundary error when handling RPC calls. Unauthenticated attackers can exploit this vulnerability by sending crafted RPC calls to a vulnerable Novell NetWare system.Successful exploitation would allow for arbitrary code injection and execution with the privileges of the vulnerable daemon program. The behavior of the target system is dependent on the malicious code.An unsuccessful code execution attempt can lead to abnormal termination of the vulnerable daemon program, and potentially crash the target system.|
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update.For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: SUN-RPC Enforcement Protection.
Attack Information: Novell NetWare NFS Portmapper RPC Module Stack Overflow