IT managers of NetWare 5.1 and NetWare 6 networks need to be aware of a vulnerability in the operating system that makes it subject to intrusions that could cause the system to crash.
IXSecurity.com, an IT security firm, Thursday reported that NetWare 5.1 and 6 are vulnerable to a buffer overflow condition that could affect server operation.
Both operating systems can be attacked through the NetWare 6 Remote Manager utility, also called the Portal NLM (NetWare Loadable Module), a Web-based server management interface. With scripts or just the correct combination of keystrokes, intruders could cause servers to crash or abend (Abnormal End), or they could execute code on the server.
IXSecurity claims it notified Novell last month about the problem and Novell failed to respond. IXSecurity suggests that users disable the NetWare Remote Manager NLM called HTTPSTK.NLM until Novell issues a patch.
The vulnerability, Novell indicates, occurs when an intruder launches a script against the authentication for the site. The company claims that normal browser access doesn't allow this kind of denial-of-service attack.
Even without the fix, there are existing ways to restrict access to the NetWare Remote Manager, such as by applying IP filtering to secure port 8009 or using some of the tools built into the utility itself.
Novell indicates it will have a patch for this vulnerability as soon as Monday. The patch, which the company says should be applied to all NetWare 5.1 and 6 servers, can be downloaded from the technical patch site. The patch, which consists of a new version of HTTPSTK.NLM, will also be added into the next Novell support pack.