Novell Open Enterprise Server Remote Manager (novell-nrm) POST Request Content-Length Overflow

high Nessus Plugin ID 20747

Synopsis

Arbitrary code can be executed on the remote web server.

Description

The remote host is running Novell Remote Manager HTTP service for SuSE Enterprise or Open Enterprise Server.

The remote version of this software is vulnerable to a heap overflow attack that may be exploited by sending a negative value for the 'Content-Length' field.

Since the 'httpstkd' service runs with root privileges, an attacker can leverage this issue to gain full control of the remote host.

Solution

Novell has released a patch for the novell-nrm service:
http://www.novell.com/linux/security/advisories/2006_02_novellnrm.html

Plugin Details

Severity: High

ID: 20747

File Name: novell_nrm.nasl

Version: 1.18

Type: remote

Family: Web Servers

Published: 1/20/2006

Updated: 7/16/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 12/6/2005

Vulnerability Publication Date: 1/13/2006

Reference Information

CVE: CVE-2005-3655

BID: 16226