CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2009-5153
https://notcve.org/view.php?id=CVE-2009-5153
In Novell NetWare before 6.5 SP8, a stack buffer overflow in processing of CALLIT RPC calls in the NFS Portmapper daemon in PKERNEL.NLM allowed remote unauthenticated attackers to execute code, because a length field was incorrectly trusted. En Novell NetWare en versiones anteriores a la 6.5 SP8, un desbordamiento de búfer basado en pila durante el procesamiento de llamadas CALLIT RPC en el demonio NFS Portmapper en PKERNEL.NLM permitía que atacantes remotos no autenticados ejecutasen código, debido a que se confió erróneamente en un campo de longitud. • https://bugzilla.suse.com/show_bug.cgi?id=515804 https://download.novell.com/Download?buildid=1z3z-OsVCiE~ https://www.zerodayinitiative.com/advisories/ZDI-09-067 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 94%CPEs: 8EXPL: 4CVE-2010-4227 – Novell Netware RPC XNFS xdrDecodeString Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4227
The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow. La función xdrDecodeString en XNFS.NLM en Novell Netware v6.5 anterior a SP8 permite a atacantes remotos provocar una denegación de servicio o ejecutar código arbitrario a través de un valor firmado manipulado en una peticion RPC NFS para el puerto UDP 1234, dando lugar a un desbordamiento de búfer basado en pila. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is not required to exploit this vulnerability. The flaw exists within the XNFS.NLM component which listens by default on UDP port 1234. When handling the an NFS RPC request the xdrDecodeString function uses a user supplied length value to null terminate a string. • https://www.exploit-db.com/exploits/16234 http://download.novell.com/Download?buildid=1z3z-OsVCiE~ http://secunia.com/advisories/43431 http://securityreason.com/securityalert/8104 http://www.exploit-db.com/exploits/16234 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=24&Itemid=24 http://www.securityfocus.com/archive/1/516645/100/0/threaded http://www.securityfocus.com/bid/46535 http://www.securitytracker.com/id?1025119 http://www.vupen.com/english& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 40%CPEs: 20EXPL: 4CVE-2010-2351 – Netware - SMB Remote Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2010-2351
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName. Desbordamiento de búfer basado en pila en el controlador CIFS.NLM de Netware SMB v1.0 de Novell Netware v6.5 SP8 y anteriores. Permite a atacantes remotos ejecutar código de su elección a través de un paquete Sessions Setup AndX con un AccountName extenso. • https://www.exploit-db.com/exploits/13906 http://download.novell.com/Download?buildid=tMWCI1cdI7s~ http://secunia.com/advisories/40199 http://www.exploit-db.com/exploits/13906 http://www.securityfocus.com/bid/40908 http://www.stratsec.net/Research/Advisories/SS-2010-006-Netware-SMB-Remote-Stack-Overflow http://www.vupen.com/english/advisories/2010/1514 https://exchange.xforce.ibmcloud.com/vulnerabilities/59501 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 10EXPL: 0CVE-2008-5696
https://notcve.org/view.php?id=CVE-2008-5696
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations. Novell NetWare 6.5, en versiones anteriores al Support Pack 8, cuando un servidor Linux OES2 se instala en el árbol NDS, no requiere una contraseña para la consola ApacheAdmin, lo que permite a atacantes remotos reconfigurar el Servidor HTTP Apache a través de operaciones de consola. • http://secunia.com/advisories/32989 http://www.novell.com/support/viewContent.do?externalId=7001907 http://www.securityfocus.com/bid/32657 http://www.securitytracker.com/id?1021350 http://www.vupen.com/english/advisories/2008/3368 https://exchange.xforce.ibmcloud.com/vulnerabilities/47104 • CWE-255: Credentials Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0805
https://notcve.org/view.php?id=CVE-1999-0805
Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests. • http://archives.neohapsis.com/archives/bugtraq/1999_2/0439.html https://exchange.xforce.ibmcloud.com/vulnerabilities/2184 •