CIFS.NLM pre-authentication vulnerability

  • 7005333
  • 10-Feb-2010
  • 26-Apr-2012


Novell NetWare 6.5
Novell NetWare 6.5 Support Pack 8


A pre-authentication vulnerability has been found against CIFS.NLM and tested against the latest SP 8 release.  Long usernames can cause a stack overflow, resulting in a server abend.


Apply the NSS Update for NetWare 6.5 Support Pack 8 called

Additional Information

This vulnerability was reported to Novell by:
  * Laurent Gaffié of Stratsec