PRIOn knowledge basePRION:CVE-2006-2327

HistoryMay 12, 2006 - 12:02 a.m.

Integer overflow

2006-05-1200:02:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

Low

0.658 Medium

EPSS

Percentile

97.9%

JSON

Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function.

CPENameOperatorVersion
netwareeq6.5 sp3
netwareeq6.5 sp1
netwareeq6.5 sp2
netwareeq6.5 sp1.1a
netwareeq6.5 sp4
netwareeq6.5 sp1.1b
netwareeq6.5 sp5
netwareeq6.5

Name	Operator	Version
netware	eq	6.5 sp3
netware	eq	6.5 sp1
netware	eq	6.5 sp2
netware	eq	6.5 sp1.1a
netware	eq	6.5 sp4
netware	eq	6.5 sp1.1b
netware	eq	6.5 sp5
netware	eq	6.5

References

lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html

securitytracker.com/id?1016068

support.novell.com/cgi-bin/search/searchtid.cgi?/2973700.htm

www.hustlelabs.com/novell_ndps_advisory.pdf

www.osvdb.org/25433

www.securityfocus.com/archive/1/434017/100/0/threaded

www.securityfocus.com/bid/17922

www.vupen.com/english/advisories/2006/1740

exchange.xforce.ibmcloud.com/vulnerabilities/26314