This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote web server.
The remote host is running Novell Remote Manager HTTP service
for SuSE Enterprise or Open Enterprise Server.
The remote version of this software is vulnerable to a heap overflow
attack that may be exploited by sending a negative value for the
Since the 'httpstkd' service runs with the root privileges, an
attacker can leverage this issue to gain full control of the remote
Novell has released a patch for the novell-nrm service :
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.4
Public Exploit Available : false