// For flags

CVE-2010-4228

Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability

Severity Score

9.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.

Desbordamiento de búfer basado en pila en NWFTPD.NLM anteriores a v5.10.02 en el servidor FTP en Novell NetWare, permite a usuarios remotos autenticados ejecutar código de su elección o provocar una denegación de servicio (abend) a través de un comando DELE, es una vulnerabilidad distinta que CVE-2010-0625.4

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Netware. Authentication is required to exploit this vulnerability.
The flaw exists within NWFTPD.NLM. When handling the argument provided to the DELE command the application copies user supplied data to a fixed length stack buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the super user.

*Credits: Francis Provencher for Protek Research Lab's
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-11-10 CVE Reserved
  • 2011-03-18 CVE Published
  • 2011-03-21 First Exploit
  • 2024-08-07 CVE Updated
  • 2024-08-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Novell
Search vendor "Novell"
Netware
Search vendor "Novell" for product "Netware"
5.1
Search vendor "Novell" for product "Netware" and version "5.1"
-
Affected
Novell
Search vendor "Novell"
Netware
Search vendor "Novell" for product "Netware"
6.0
Search vendor "Novell" for product "Netware" and version "6.0"
-
Affected
Novell
Search vendor "Novell"
Netware
Search vendor "Novell" for product "Netware"
6.5
Search vendor "Novell" for product "Netware" and version "6.5"
-
Affected