exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

netware.perl.txt

netware.perl.txt
Posted Jul 23, 2003
Authored by Uffe Nielsen | Site protego.dk

The Netware 5.1 SP6 suffers from a buffer overflow in the web server PERL handler CGI2PERL.NLM which will cause a denial of service situation. CERT: VU# 185593.

tags | advisory, web, denial of service, overflow, perl
advisories | CVE-2003-0562
SHA-256 | fe0de70876ed6743218b3c34d52b1cccb867bd93640ab254fbe70590d1973c6e

netware.perl.txt

Change Mirror Download
Topic: Buffer Overflow in Netware Web Server PERL Handler
Platform : Netware 5.1 SP6, Netware 6 under certain conditions.
Application : NetWare Enterprise Web Server
Advisory URL: http://www.protego.dk/advisories/200301.html
Identifiers: CERT: VU# 185593, CVE: CAN-2003-0562
Vendor Name: Novell, Inc.
Vendor URL: http://www.novell.com
Vendor contacted: 10-Feb-2003
Public release: 23-Jul-2003

Problem:
The Netware Enterprise Server does not perform proper bounds check on
requests passed to the perl interpreter through the perl virtual
directory. This results in a buffer overflow condition, when large
requests are sent to the perl interpreter.

Details:
The issue can be triggered by requesting the perl virtual directory
followed by a long string.

http://server/perl/aaaaaa...[Unspecified number of characters]

The vulnerability occurs in the CGI2PERL.NLM module.

Impact:
A request like the above will overrun the allocated buffer and overwrite
EIP, causing the server to ABEND and either suspend the process or
restart itself, thereby creating a Denial of Service situation.

Corrective actions:
Novell has made a patch for this issue:
http://support.novell.com/servlet/tidfinder/2966549

Disclaimer:
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an "AS IS" condition.
There are NO warranties with regard to this information. In no event
shall PROTEGO be liable for any consequences or damages, including
direct, indirect, incidental, consequential, loss of business profits or
special damages, arising out of or in connection with the use or spread
of this information. Any use of this information lies within the user's
responsibility. All registered and unregistered trademarks represented
in this document are the sole property of their respective owners.

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close