Security News

Novell Netware FTP Server BO (Apr 9, 2010)

By

The Novell Netware operating system provides file sharing and other services such as printing and email. Netware includes an FTP server which facilitates the transfer of files to and from Netware volumes. File transfers can be performed using a regular FTP client.

The initial connection to the FTP server forms the control stream on which FTP service commands are passed from the client on occasion from the server to the client. A separate stream is used for the transfer of data.

FTP service commands define the file transfer or the file system function requested by a connected user. Some examples of FTP commands are listed:

  • CWD – to change the working directory
  • MKD – to create a directory
  • RMD – to delete a directory
  • LIST – to transfer a list of files in the current directory
  • NLST – to transfer names of files with CRLF or NL characters

A buffer overflow vulnerability exists in the Novell Netware FTP service. The vulnerability is due to insufficient boundary checks when processing some FTP commands. The vulnerable code performs an internal memory copy of a user supplied string into a static size buffer without validating the length of the string. When an FTP user requests directory creation or removal with an overly long argument, the vulnerable code will copy the argument past the aforementioned buffer.

Exploitation of this vulnerability may result in process flow diversion of the vulnerable service. The service will continue to operate after an unsuccessful code injection attempt. This may give the attacker multiple chances to exploit the targeted host. Only authenticated users have the ability to attempt an attack as the affected commands are available post authentication only.

SonicWALL already has existing signatures addressing this type of flaw that will detect and block attacks targeting this vulnerability. The following signatures are available:

  • 34 – MKD Command BO Attempt
  • 239 – RMD Command BO Attempt

This vulnerability has been assigned CVE-2010-0625 by Mitre. The vendor has released an advisory with a patch addressing this issue.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
The Android Zazdi botnet uses FCM to communicate with its infected bots
Microsoft XML Core Services Uninitialized Object Access (June 22, 2012)
Snake Keylogger abusing Protocol Buffers seen in the wild
Latest DBatLoader Uses Driver Module to Disable AV/EDR Software
Adobe Photoshop ABR BO (May 28, 2010)
Attackers actively targeting vulnerable ZyXEL routers
Adobe Flash Player Zero Day exploit (Jun 8, 2010)
Microsoft OLE Remote Code Execution CVE-2014-6352 (October 22, 2014)