CVE-2010-0317 - Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereferenc

CVE-2010-0317

Summary

Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information.

References

Vulnerable Configurations

cpe:2.3:o:novell:netware:6.5:sp8:*:*:*:*:*:*
cpe:2.3:o:novell:netware:6.5:sp8:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 10-10-2018 - 19:52)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	37616
bugtraq	20100105 {PRL} Novell Netware CIFS And AFP Remote Memory Consumption DoS
exploit-db	11009
misc	http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial.html
sectrack	1023400
secunia	38114
vupen	ADV-2010-0041
xf	netware-afptcp-dos(55389)

Last major update

10-10-2018 - 19:52

Published

15-01-2010 - 18:30

Last modified

10-10-2018 - 19:52