Vulnerability CVE-2010-0317
Published: 2010-01-15   Modified: 2012-02-13

Description:
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Novell Netware CIFS And AFP Remote Memory Consumption DoS
Protek Research ...
18.01.2010

Type:

CWE-399

 (Resource Management Errors)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Novell -> Netware 

 References:
http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html
http://www.exploit-db.com/exploits/11009
http://www.securityfocus.com/archive/1/508731/100/0/threaded
http://www.securityfocus.com/bid/37616
http://www.securitytracker.com/id?1023400
http://www.vupen.com/english/advisories/2010/0041
https://exchange.xforce.ibmcloud.com/vulnerabilities/55389
Copyright 2024, cxsecurity.com

 

Back to Top