Environment
Novell Open Enterprise Server 11 (OES 11) Linux Support Pack 1
Novell Open Enterprise Server 11 (OES 11) Linux
Novell Open Enterprise Server 11 (OES 11) Linux
Novell Open Enterprise Server 2 (OES 2) Linux
Situation
The HTTPSTK service listening on port 8009 does not properly close connections after a simple TCP handshake. This can lead to a buildup of CLOSE_WAIT connections and prevent legitimate access; Eventually causing the service to crash.
The exploit does not require authentication and takes down a key service of the Novell server..
The exploit does not require authentication and takes down a key service of the Novell server..
Resolution
Tentatively fixed in rpm novell-nrm-2.0.2-297.305.302.3 included in the OES-May-13 channel updates, but still under testing/investigation.
Cause
Problem was that SSL_free and SSL_shutdown were not being called on erros. SSLsocket was being treated like a socket when it actually is a SSL connection.
Additional Information
Identifier(s): CVE-2013-3707
Discovered and reported by: "swappiness0"
Discovered and reported by: "swappiness0"