[VulnWatch] cqure.net.20020604.netware_dhcpsrvr
From: Patrik Karlsson (patrik@cqure.net)Date: 06/25/02
- Previous message: Arrigo Triulzi: "[VulnWatch] OpenSSH 3.2 vulnerability requiring "priv. separation""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Jun 2002 18:49:33 -0100 (GMT+1) From: Patrik Karlsson <patrik@cqure.net> To: vulnwatch@vulnwatch.org
cqure.net Security Vulnerability Report
No: cqure.net.20020604.netware_dhcpsrvr
=======================================
Vulnerability Summary
---------------------
Problem: The Netware DHCP server has a DOS
vulnerability.
Threat: An attacker could cause the Netware server
to reboot, simple by issueing a
"non-standard" dhcp request.
Affected Software: Novell Netware FTP server.
Platforms: Netware 6.0 verified SP 1.
Solutions: Install patches from Novell as soon as
they become available.
Vulnerability Description
-------------------------
The DHCP server suffers from multiple bufferoverflows which can be
triggered by sending oversized "non-standard" requests to the DHCP
server.
Additional Information
----------------------
Novell was contacted 20020604.
This vulnerability was found by
Patrik Karlsson & Jonas Ländin
patrik@cqure.net
jonas@cqure.net
This document is also available at: http://www.cqure.net/advisories/
- Previous message: Arrigo Triulzi: "[VulnWatch] OpenSSH 3.2 vulnerability requiring "priv. separation""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
