Novell Client for Windows 2000/XP/2003 4.91 Support Pack 2
DOS in srvloc.sys causing following condition:
An attempt was made to access a pageable (or completely invalid) address at
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arg1: 00000006, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: 804204bd, address which referenced memory
This is caused by sending a specifically crafted packet to port 427.
This is resolved in the Novell Client 4.91 sp3.
StatusReported to Engineering
This vulnerability was found by Tyler Krpata.