Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Overflow
High Nessus Plugin ID 20747
SynopsisArbitrary code can be executed on the remote web server.
DescriptionThe remote host is running Novell Remote Manager HTTP service for SuSE Enterprise or Open Enterprise Server.
The remote version of this software is vulnerable to a heap overflow attack that may be exploited by sending a negative value for the 'Content-Length' field.
Since the 'httpstkd' service runs with the root privileges, an attacker can leverage this issue to gain full control of the remote host.
SolutionNovell has released a patch for the novell-nrm service :