SecurityTracker.com
Category:  Application (File Transfer/Sharing)  >  NetWare FTP Server
Vendors:  Novell
NetWare FTP Server Format String Flaw Lets Remote Users Crash the Entire Server
SecurityTracker Alert ID:  1004628
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jun 25 2002
Impact:  Denial of service via network
Exploit Included:  Yes  
Advisory:  cqure.net
Version(s): NetWare 6.0 SP1 + NWFTPD Update
Description:  cqure.net issued a security vulnerability report for the NetWare FTP Server. A remote user could cause the FTP server and the underlying NetWare operating system to crash.

A remote user can send a specially crafted login username to trigger a format string bug and cause the server to ABEND (exit abnormally). This will require that the entire server be restarted to regain full functionality.

The vendor has reportedly been notified.

cqure.net credits Patrik Karlsson & Jonas Landin with discovering the flaw.

Impact:  A remote user can cause the NetWare server to crash.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.novell.com/
Cause:  Input validation error
Reported By:  "Patrik Karlsson" <patrik@cqure.net>
Message History:   None.


 Source Message Contents

Date:  Tue, 25 Jun 2002 14:54:25 -0400
From:  "Patrik Karlsson" <patrik@cqure.net>
Subject:  cqure.net.20020521.netware_nwftpd_fmtstr

 



cqure.net Security Vulnerability Report
No: cqure.net.20020521.netware_nwftpd_fmtstr
============================================

Vulnerability Summary
---------------------
Problem:                The Netware FTP server has a DOS
                        vulnerability.

Threat:                 An attacker could cause the FTP server
                        to ABEND resulting in a DOS where the
                        whole server has to be restarted to
                        regain full functionality.

Affected Software:      Novell Netware FTP server.

Platforms:              Netware 6.0 verified SP 1 + NWFTPD update.

Solutions:              Install patches from Novell as soon as
                        they become available.


Vulnerability Description
-------------------------
The Netware FTP server has a format string condition which can be
triggered by issuing format strings as the login username. This will
cause the server to ABEND. For the FTP server to regain full
functionality a complete reboot has to be done.

Additional Information
----------------------
Novell was contacted 20020521.

This vulnerability was found by
Patrik Karlsson & Jonas Ländin
patrik@cqure.net
jonas@cqure.net

This document is also available at: http://www.cqure.net/advisories/
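
The bug class reported above (client-supplied login data reaching a printf-style formatter as the format string), shown with its fix as an added C example. It is not part of the original advisory and is not Novell's code; the function names, MAX_USER, the log line layout and the sample usernames are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_USER 64  /* assumed length limit, not taken from the advisory */

/* Vulnerable pattern, shown only as a comment:
 *     snprintf(out, outlen, username);
 * The client's bytes become the format string, so the formatter acts on
 * any conversion directives they contain. */

/* Hardened: the format is a constant; the username is only an argument. */
int format_login_safe(char *out, size_t outlen, const char *username)
{
    int n = snprintf(out, outlen, "USER %s login attempt", username);
    return (n >= 0 && (size_t)n < outlen) ? n : -1;   /* -1 if truncated */
}

/* Detection aid for logs: count conversion directives ("%%" is literal). */
size_t count_format_directives(const char *s)
{
    size_t hits = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (s[1] != '\0') hits++;
    }
    return hits;
}

/* Defense in depth: bounded length, printable ASCII, no '%'. */
int username_is_acceptable(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > MAX_USER) return 0;
    for (; *s; s++)
        if (*s < 0x21 || *s > 0x7e || *s == '%') return 0;
    return 1;
}

int main(void)
{
    const char *samples[] = { "alice", "%s%n%x" };   /* constructed inputs */
    char line[128];
    for (size_t i = 0; i < 2; i++) {
        format_login_safe(line, sizeof line, samples[i]);
        printf("%-28s directives=%zu acceptable=%d\n", line,
               count_format_directives(samples[i]),
               username_is_acceptable(samples[i]));
    }
    return 0;
}
```

Compilers flag the commented-out pattern with -Wformat-security; the input check supplements the constant format string and does not replace it.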



 



Copyright 2002, SecurityGlobal.net LLC