exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

netware.perl.txt

netware.perl.txt
Posted Jul 23, 2003
Authored by Uffe Nielsen | Site protego.dk

The Netware 5.1 SP6 suffers from a buffer overflow in the web server PERL handler CGI2PERL.NLM which will cause a denial of service situation. CERT: VU# 185593.

tags | advisory, web, denial of service, overflow, perl
advisories | CVE-2003-0562
SHA-256 | fe0de70876ed6743218b3c34d52b1cccb867bd93640ab254fbe70590d1973c6e

netware.perl.txt

Change Mirror Download
Topic: Buffer Overflow in Netware Web Server PERL Handler
Platform : Netware 5.1 SP6, Netware 6 under certain conditions.
Application : NetWare Enterprise Web Server
Advisory URL: http://www.protego.dk/advisories/200301.html
Identifiers: CERT: VU# 185593, CVE: CAN-2003-0562
Vendor Name: Novell, Inc.
Vendor URL: http://www.novell.com
Vendor contacted: 10-Feb-2003
Public release: 23-Jul-2003

Problem:
The Netware Enterprise Server does not perform proper bounds check on
requests passed to the perl interpreter through the perl virtual
directory. This results in a buffer overflow condition, when large
requests are sent to the perl interpreter.

Details:
The issue can be triggered by requesting the perl virtual directory
followed by a long string.

http://server/perl/aaaaaa...[Unspecified number of characters]

The vulnerability occurs in the CGI2PERL.NLM module.

Impact:
A request like the above will overrun the allocated buffer and overwrite
EIP, causing the server to ABEND and either suspend the process or
restart itself, thereby creating a Denial of Service situation.

Corrective actions:
Novell has made a patch for this issue:
http://support.novell.com/servlet/tidfinder/2966549

Disclaimer:
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an "AS IS" condition.
There are NO warranties with regard to this information. In no event
shall PROTEGO be liable for any consequences or damages, including
direct, indirect, incidental, consequential, loss of business profits or
special damages, arising out of or in connection with the use or spread
of this information. Any use of this information lies within the user's
responsibility. All registered and unregistered trademarks represented
in this document are the sole property of their respective owners.

Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close