Denial of Service and Code Execution Vulnerability in Novell Netware 6.5 NFS
CVE-2010-4227

Currently unrated

Key Information:

Vendor: Novell
Status: Netware
Vendor: CVE Published:; 25 February 2011

Summary

The xdrDecodeString function within the NFS component of Novell Netware 6.5 prior to Service Pack 8 is susceptible to a vulnerability that can be exploited by remote attackers. By sending a specially crafted and signed value in an NFS RPC request directed to UDP port 1234, an attacker can cause a denial of service, potentially crashing the application, or may execute arbitrary code, leading to severe impacts on system integrity and security. This flaw underscores the importance of promptly applying security updates and monitoring NFS interactions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65625

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/46535

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2011/0497

vdb-entryx_refsource_VUPEN

EPSS Score

51% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 25, 2011
Vulnerability Reserved
Nov 10, 2010