CIFS.NLM pre-authentication vulnerability

Document ID:7005333
Creation Date:10-Feb-2010
Modified Date:26-Apr-2012
- Micro Focus Products:
  NetWare

Environment

Novell NetWare 6.5

Novell NetWare 6.5 Support Pack 8

Situation

A pre-authentication vulnerability has been found against CIFS.NLM and tested against the latest SP 8 release. Long usernames can cause a stack overflow, resulting in a server abend.

Resolution

Apply the NSS Update for NetWare 6.5 Support Pack 8 called N65NSS8C.zip

Additional Information

This vulnerability was reported to Novell by:

* Laurent Gaffié of Stratsec