CVE-2010-4228
Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
Desbordamiento de búfer basado en pila en NWFTPD.NLM anteriores a v5.10.02 en el servidor FTP en Novell NetWare, permite a usuarios remotos autenticados ejecutar código de su elección o provocar una denegación de servicio (abend) a través de un comando DELE, es una vulnerabilidad distinta que CVE-2010-0625.4
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is required to exploit this vulnerability.
The flaw exists within NWFTPD.NLM. When handling the argument provided to the DELE command the application copies user supplied data to a fixed length stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the super user.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-11-10 CVE Reserved
- 2011-03-18 CVE Published
- 2011-03-21 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/8149 | Third Party Advisory | |
http://www.novell.com/support/viewContent.do?externalId=3238588 | X_refsource_confirm | |
http://www.zerodayinitiative.com/advisories/ZDI-11-106 | X_refsource_misc | |
https://bugzilla.novell.com/show_bug.cgi?id=641249 | X_refsource_confirm | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/66170 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/17020 | 2011-03-21 | |
http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=25&Itemid=25 | 2024-08-07 | |
http://www.securityfocus.com/bid/46922 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/43824 | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Novell Search vendor "Novell" | Netware Search vendor "Novell" for product "Netware" | 5.1 Search vendor "Novell" for product "Netware" and version "5.1" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Netware Search vendor "Novell" for product "Netware" | 6.0 Search vendor "Novell" for product "Netware" and version "6.0" | - |
Affected
| ||||||
Novell Search vendor "Novell" | Netware Search vendor "Novell" for product "Netware" | 6.5 Search vendor "Novell" for product "Netware" and version "6.5" | - |
Affected
|