
CERT-In Vulnerability Note CIVN-2010-111
Novell NetWare FTP Server RMD/RNFR/DELE Commands Remote Code Execution Vulnerability

Original Issue Date: April 09, 2010

Severity Rating: Medium

System Affected

  • Novell NetWare version 6.5 SP8 and prior
  • Novell NetWare FTP Server prior to 5.10.01

Overview

A buffer overflow vulnerability has been reported in Novell NetWare FTP Server, which could be exploited by a remote attacker to execute arbitrary code.

Description

NetWare FTP Server is the FTP server for the Novell NetWare platform.

The vulnerability exists in the FTP daemon NWFTPD.nlm, which fails to check the length of the parameter supplied with certain FTP commands, viz. RMD, RNFR and DELE. Sending any of these commands with an overly long parameter causes a buffer overflow that can be leveraged for remote code execution in the context of the daemon. Failed exploit attempts crash the daemon, resulting in a denial of service.

NOTE: Authentication (including default anonymous access, where enabled) is required to exploit this vulnerability.
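The following is an added illustration of the bug class described above, written for this note; it is not NWFTPD.nlm source and the buffer size, reply codes and function names are assumptions. It models an FTP command handler that copies the RMD/RNFR/DELE argument into a fixed stack buffer without a length check (the vulnerable pattern), beside a bounded dispatcher that enforces the login requirement and rejects oversized arguments with a 501 reply instead of overrunning the buffer.

```c
/* Model of the NWFTPD.nlm bug class: unbounded copy of an FTP command
 * argument into a fixed buffer, next to a bounded replacement.
 * Illustrative code only; PATH_MAX_LEN and the reply codes are assumptions. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define PATH_MAX_LEN 255            /* assumed size of the daemon's path buffer */

typedef struct {
    bool logged_in;                 /* USER/PASS or anonymous login completed */
} ftp_session;

/* VULNERABLE model: no length check before copying the argument into a
 * fixed-size stack buffer.  An argument longer than PATH_MAX_LEN overruns
 * `path` and smashes the stack; a failed attempt simply crashes the process.
 * Only ever called here with a short, constant argument. */
static int rmd_unchecked(const char *arg)
{
    char path[PATH_MAX_LEN + 1];
    strcpy(path, arg);              /* overflow when strlen(arg) > PATH_MAX_LEN */
    return 250;
}

/* Hardened copy: refuses an argument that would not fit (or is empty). */
static bool copy_path_arg(const char *arg, size_t arglen, char *out, size_t outsz)
{
    if (arglen == 0 || arglen >= outsz)
        return false;
    memcpy(out, arg, arglen);
    out[arglen] = '\0';
    return true;
}

/* Dispatch one command line such as "RMD dir\r\n" and return the reply code:
 * 530 not logged in, 501 oversized/empty argument, 502 command not handled,
 * 250 action taken (the filesystem operation itself is stubbed out). */
int ftp_dispatch(ftp_session *s, const char *line)
{
    static const char *const cmds[] = { "RMD", "RNFR", "DELE" };
    char path[PATH_MAX_LEN + 1];

    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++) {
        size_t vl = strlen(cmds[i]);
        if (strncmp(line, cmds[i], vl) != 0 || line[vl] != ' ')
            continue;
        if (!s->logged_in)          /* the note: auth or anonymous login is required */
            return 530;
        const char *arg = line + vl + 1;
        size_t arglen = strcspn(arg, "\r\n");   /* argument ends at CRLF */
        if (!copy_path_arg(arg, arglen, path, sizeof path))
            return 501;
        return 250;                 /* real daemon would act on `path` here */
    }
    return 502;
}

/* Builds the shape of a malicious request (verb, space, n bytes of 'A', CRLF),
 * feeds it to the hardened dispatcher and returns the reply code. */
int probe_long_arg(ftp_session *s, const char *verb, size_t n)
{
    char req[4096 + 16];
    size_t vl = strlen(verb);
    if (n > 4096 || vl > 4)
        return -1;
    memcpy(req, verb, vl);
    req[vl] = ' ';
    memset(req + vl + 1, 'A', n);
    memcpy(req + vl + 1 + n, "\r\n", 3);
    return ftp_dispatch(s, req);
}

int main(void)
{
    ftp_session s = { .logged_in = true };   /* assume anonymous login succeeded */
    printf("unchecked RMD short -> %d\n", rmd_unchecked("pub"));
    printf("RMD short           -> %d\n", ftp_dispatch(&s, "RMD pub\r\n"));
    printf("RNFR 1024 bytes     -> %d\n", probe_long_arg(&s, "RNFR", 1024));
    printf("DELE 4096 bytes     -> %d\n", probe_long_arg(&s, "DELE", 4096));
    s.logged_in = false;
    printf("RMD before login    -> %d\n", ftp_dispatch(&s, "RMD pub\r\n"));
    return 0;
}
```

The hardened path checks the argument length against the destination size before any copy and never touches the buffer when the check fails; the login gate sits before argument handling, which is why the note's authentication requirement limits (but does not remove) exposure where anonymous login is enabled.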

Solution

Apply the vendor patch nwftpd16.zip (NetWare FTP Server 5.10.01), available from the Novell links under Vendor Information.

Vendor Information

Novell
http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1

http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5071250.html

References


ZDI
http://www.zerodayinitiative.com/advisories/ZDI-10-062/

VUPEN
http://www.vupen.com/english/advisories/2010/0742

PROTEK RESEARCH LAB
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=12&Itemid=12


CVE Name
CVE-2010-0625

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003