Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Overflow

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote web server.

Description :

The remote host is running Novell Remote Manager HTTP service
for SuSE Enterprise or Open Enterprise Server.

The remote version of this software is vulnerable to a heap overflow
attack that may be exploited by sending a negative value for the
'Content-Length' field.

Since the 'httpstkd' service runs with root privileges, an
attacker can leverage this issue to gain full control of the remote
host.
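
Added example, not part of the Tenable plugin or of Novell's code: a strict 'Content-Length' parser in C that rejects a negative value before any buffer is sized from it. The function name, the 1 MiB body cap and the sample header values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed policy limit for this example: largest POST body accepted. */
#define MAX_BODY_BYTES ((size_t)1 << 20)

/* Hypothetical helper: parse a Content-Length value. Returns 0 and stores
 * the length in *out, or -1 to reject. Only digits (with optional blanks
 * around them) are accepted, so "-1" never reaches any size arithmetic. */
int parse_content_length(const char *value, size_t *out)
{
    size_t n = 0;
    const char *p = value;

    if (value == NULL || out == NULL)
        return -1;
    while (*p == ' ' || *p == '\t')
        p++;
    if (!isdigit((unsigned char)*p))
        return -1;                      /* empty, "-1", "+5", ... */
    for (; isdigit((unsigned char)*p); p++) {
        size_t d = (size_t)(*p - '0');
        if (n > (MAX_BODY_BYTES - d) / 10)
            return -1;                  /* next digit would exceed the cap */
        n = n * 10 + d;
    }
    while (*p == ' ' || *p == '\t')
        p++;
    if (*p != '\0')
        return -1;                      /* trailing garbage such as "12abc" */
    *out = n;
    return 0;
}

int main(void)
{
    /* Constructed header values, not captured traffic. */
    const char *samples[] = { "1024", "-1", "-2147483648", "4294967295", "12abc" };
    size_t len;

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (parse_content_length(samples[i], &len) == 0)
            printf("%-12s accept, %zu bytes\n", samples[i], len);
        else
            printf("%-12s reject (respond 400)\n", samples[i]);
    }
    return 0;
}
```

The result is an unsigned size that is already bounded, so it can be passed to an allocator or a read loop without a further sign check.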

Solution :

Novell has released a patch for the novell-nrm service :
http://www.novell.com/linux/security/advisories/2006_02_novellnrm.html

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 20747

Bugtraq ID: 16226

CVE ID: CVE-2005-3655