Denial of Service and Code Execution Vulnerability in Novell Netware 6.5 NFS
CVE-2010-4227

Currently unrated

Key Information:

Vendor: Novell

Status
Vendor
CVE Published: 25 February 2011

Badges

👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 38%

What is CVE-2010-4227?

The xdrDecodeString function in the NFS component of Novell Netware 6.5 prior to Service Pack 8 contains a vulnerability that remote attackers can exploit. By sending a specially crafted and signed value in an NFS RPC request to UDP port 1234, an attacker can cause a denial of service, potentially crashing the application, or may execute arbitrary code, with severe impact on system integrity and security. This flaw underscores the importance of promptly applying security updates and monitoring NFS interactions.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

EPSS Score

38% chance of being exploited in the next 30 days.

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
