Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Overflow

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.

Synopsis :

Arbitrary code can be executed on the remote web server.

Description :

The remote host is running Novell Remote Manager HTTP service
for SuSE Enterprise or Open Enterprise Server.

The remote version of this software is vulnerable to a heap overflow
attack that may be exploited by sending a negative value for the
'Content-Length' field.

Since the 'httpstkd' service runs with the root privileges, an
attacker can leverage this issue to gain full control of the remote

Solution :

Novell has released a patch for the novell-nrm service :

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.4
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 20747 ()

Bugtraq ID: 16226

CVE ID: CVE-2005-3655