MS-RPC: Netware CIFS LSASS Overflow

This signature detects attempts to exploit a known vulnerability in the Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the kernel. It is also suspected to be used by the worm.rbot.ccc worm.

Extended Description

Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.

Affected Products

Novell netware

References

CVE: CVE-2005-2852

Short Name
MS-RPC:LSASS:NETWARE-CIFS-OF
Severity
Major
Recommended
False
Recommended Action
None
Category
MS-RPC
Keywords
CIFS CVE-2005-2852 LSASS Netware Overflow
Release Date
08/03/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Occasionally
Vendors

Novell

CVSS Score

5.0

Found a potential security threat?