SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Questions?
Want to learn about SecurityTracker? We've got answers to frequently asked questions right here
Sign Up!





Category:  Application (Generic)  >  Dhcp Vendors:  Novell
NetWare DHCP Server Can Be Rebooted By Remote Users Issuing Malformed DHCP Requests
SecurityTracker Alert ID:  1004629
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 25 2002
Impact:  Denial of service via network
Advisory:  cqure.net
Description:  cqure.net reported a denial of service vulnerability in the NetWare DHCP server. A remote user can cause the NetWare server to reboot.

It is reported that the DHCP server contains several buffer overflows. A remote user can send certain oversized "non-standard" requests to the DHCP server to cause it to reboot.

The vendor has reportedly been notified.

cqure.net credis Patrik Karlsson & Jonas Landin with discovering this flaw.
Impact:  A remote user can cause the NetWare server to reboot.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.novell.com/ (Links to External Site)
Cause:  Exception handling error
Reported By:  Patrik Karlsson <patrik@cqure.net>
Message History:   None.

 Source Message Contents
Date:  Tue, 25 Jun 2002 18:49:33 -0100 (GMT+1)
From:  Patrik Karlsson <patrik@cqure.net>
Subject:  [VulnWatch] cqure.net.20020604.netware_dhcpsrvr

 

cqure.net Security Vulnerability Report
No: cqure.net.20020604.netware_dhcpsrvr
=======================================

Vulnerability Summary
---------------------
Problem:                The Netware DHCP server has a DOS
                        vulnerability.

Threat:                 An attacker could cause the Netware server
                        to reboot, simple by issueing a
                        "non-standard" dhcp request.

Affected Software:      Novell Netware FTP server.

Platforms:              Netware 6.0 verified SP 1.

Solutions:              Install patches from Novell as soon as
                        they become available.


Vulnerability Description
-------------------------
The DHCP server suffers from multiple bufferoverflows which can be
triggered by sending oversized "non-standard" requests to the DHCP
server.

Additional Information
----------------------
Novell was contacted 20020604.

This vulnerability was found by
Patrik Karlsson & Jonas Ländin
patrik@cqure.net
jonas@cqure.net

This document is also available at: http://www.cqure.net/advisories/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC