Buffer overflow in Novell Netware

CVE-2010-2351

Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.

Vulnerability class: Buffer Overflow

EPSS: 0.250 (96.3th percentile) — read the EPSS interpretation.

Affected products

Novell Netware — versions 6.5, 5.0, 6.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (Exploit, x_refsource_MISC)
netware-cifsnlm-bo(59501) (vdb-entry, x_refsource_XF)
40199 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
40908 (Exploit, vdb-entry, x_refsource_BID)
ADV-2010-1514 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch)
13906 (Exploit, exploit, x_refsource_EXPLOIT-DB)