Novell Netware FTP Server Buffer Overflow (Mar 25, 2011)


Novell Netware is a network operating system developed by Novell. One of its services is Netware FTP Server, which provides file transfer to and from Netware volumes.

FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server. Several FTP commands are available to perform different operations. The DEL/DELE command performs file deletion on the FTP server.

The syntax for the DEL/DELE command is as follows:

DEL
or
DELE

A stack buffer overflow vulnerability exists in Novell Netware FTP Server. The vulnerability is due to insufficient boundary checks when processing the DEL/DELE command. Remote authenticated attackers could exploit this vulnerability by connecting to a vulnerable Netware FTP Server and sending a malicious DEL/DELE command to the target server. Successful exploitation would allow for arbitrary code injection and execution with the privileges of the FTP service. Code injection that does not result in execution would terminate the FTP session.

The vulnerability has been assigned CVE-2010-4228.

SonicWALL has released several IPS signatures to detect and block exploits targeting this vulnerability. The signatures are listed below:

  • 238 – DELE Command BO Attempt

  • 5541 – Generic FTP Shellcode Exploit 1
  • 2099 – Generic FTP Shellcode Exploit 2
  • 4961 – Generic FTP Shellcode Exploit 3
  • 4982 – Generic FTP Shellcode Exploit 4
  • 6367 – Generic FTP Shellcode Exploit 5
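
A length and control-byte heuristic for DEL/DELE lines on the FTP control channel, as an added example; it is not SonicWALL's signature logic and not code from the original advisory. The 255-byte limit, the function names and the sample session are assumptions, since the advisory does not state the size of the vulnerable buffer.

```python
import re

# Assumed policy limit: the advisory gives no buffer size, so tune this to
# the longest pathname your FTP clients legitimately send.
MAX_ARG_LEN = 255

# Verb is case-insensitive; DOTALL so an embedded newline cannot hide the tail.
_CMD = re.compile(rb"^\s*(DELE?)(?:[ \t]+(.*))?$", re.IGNORECASE | re.DOTALL)


def inspect_line(line: bytes, max_arg_len: int = MAX_ARG_LEN):
    """Return the reasons a DEL/DELE line looks anomalous (empty list if none)."""
    m = _CMD.match(line.rstrip(b"\r\n"))
    if not m:
        return []  # not a DEL/DELE command
    arg = m.group(2) or b""
    reasons = []
    if len(arg) > max_arg_len:
        reasons.append(f"argument length {len(arg)} exceeds {max_arg_len}")
    # Control bytes have no place in a pathname; UTF-8 bytes are left alone.
    if any(b < 0x20 or b == 0x7F for b in arg):
        reasons.append("argument contains control bytes")
    return reasons


def scan_session(client_lines, max_arg_len: int = MAX_ARG_LEN):
    """Return (line_number, reason) pairs for every anomalous DEL/DELE line."""
    alerts = []
    for n, line in enumerate(client_lines, 1):
        for reason in inspect_line(line, max_arg_len):
            alerts.append((n, reason))
    return alerts


# Constructed sample of client-to-server control-channel lines.
SAMPLE = [
    b"USER alice\r\n",
    b"PASS example\r\n",
    b"DELE reports/q1.txt\r\n",
    b"dele " + b"A" * 600 + b"\r\n",
    b"DEL old\x00name\r\n",
    b"DELETE notacommand\r\n",
]

if __name__ == "__main__":
    for line_no, reason in scan_session(SAMPLE):
        print(f"line {line_no}: {reason}")
```

The same check can run over FTP server logs or a proxy's command stream; a lower limit raises sensitivity at the cost of alerts on long but legitimate paths.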