Title: Mars NWE Format String Vulnerability
Severity: HIGH
Description:
Mars NWE is a freely available Netware emulator. It is maintained by original author Martin Stovers.
A problem with the software could allow a user to gain elevated privileges. Due to the handling of format strings by the software package, it is possible for a DOS or Windows workstation attached to the emulator to generate a custom crafted request of the system that will ultimately execute the code.
In the logging code of the program, improper handling of format strings make it possible to fill buffers, and overwrite variables on the stack including the return address. Due to this problem it is possible for a user with malicious intent to pass shell code to the program, which will result in execution of the code on the stack with the privileges inherited by the emulator program, normally run as root.
Affected Products:
- Martin Stover Mars NWE 0.99.0pl19
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
