Title: Novell NetWare XNFS.NLM Remote Denial Of Service Vulnerability
Severity: MODERATE
Description:
Novell NetWare is a network operating system.
Novell NetWare is prone to a remote denial-of-service vulnerability because of inadequate boundary checks.
Specifically, this issue can occur when an NFS client issues a 'mount' command to the server. If the 'path' specified in the command is greater than 508 characters, the 'XNFS.NLM' will terminate in 'rpcWorkerThread'. This can occur whenever 'XNFS.NLM' is loaded.
A remote attacker can exploit this issue to deny access to legitimate users and possibly to execute code, but this has not been confirmed.
This issue is being tracked by Novell bug number 277091.
NetWare 6.5 SP6 is vulnerable; other versions may also be affected.
Affected Products:
- Novell Netware 6.5.0 SP6
References:
- Novell: Novell Homepage
- Novell: XNFS Abend in rpcWorkerThread if nfs mount is attempted with long path
- US-CERT: Vulnerability Note VU#578105 Novell NetWare NFS denial of service vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
