Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Overflow

High Nessus Plugin ID 20747


Arbitrary code can be executed on the remote web server.


The remote host is running Novell Remote Manager HTTP service for SuSE Enterprise or Open Enterprise Server.

The remote version of this software is vulnerable to a heap overflow attack that may be exploited by sending a negative value for the 'Content-Length' field.

Since the 'httpstkd' service runs with the root privileges, an attacker can leverage this issue to gain full control of the remote host.


Novell has released a patch for the novell-nrm service :

Plugin Details

Severity: High

ID: 20747

File Name: novell_nrm.nasl

Version: $Revision: 1.17 $

Type: remote

Family: Web Servers

Published: 2006/01/20

Modified: 2013/04/11

Dependencies: 10107

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:U/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2005/12/06

Vulnerability Publication Date: 2006/01/13

Reference Information

CVE: CVE-2005-3655

BID: 16226

OSVDB: 22455