Novell NetWare 6.5 OpenSSH Remote Stack Buffer Overflow

High Nessus Plugin ID 44066

Synopsis

The SSH server running on the remote host has a buffer overflow vulnerability.

Description

The version of OpenSSH running on the remote Novell NetWare host has a stack-based buffer overflow vulnerability. When attempting to resolve an absolute path on the server, data is copied into a 512 byte buffer without any bounds checking. A remote, authenticated attacker could exploit this to execute arbitrary code.

Solution

There is no fix available, and the software is no longer supported.

See Also

http://www.securityfocus.com/archive/1/513483/30/0/threaded

http://www.zerodayinitiative.com/advisories/ZDI-10-169/

http://www.novell.com/support/viewContent.do?externalId=7006756

http://www.nessus.org/u?240e3831

Plugin Details

Severity: High

ID: 44066

File Name: netware_sshd_buffer_overflow.nasl

Version: $Revision: 1.5 $

Type: remote

Family: Netware

Published: 2011/10/04

Modified: 2012/01/31

Dependencies: 19763, 11936, 10267

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:U/RC:C

Vulnerability Information

CPE: cpe:/o:novell:netware:6.5

Required KB Items: Host/OS

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2010/08/30

Reference Information

BID: 42875

EDB-ID: 14866