Denial of Service Vulnerability in Novell Open Enterprise Server
CVE-2013-3707

Currently unrated

Key Information:

Vendor: Novell
Status: Open Enterprise Server
Vendor: CVE Published:; 1 December 2013

Summary

The HTTPSTK service within the novell-nrm package in Novell Open Enterprise Server 2 and OES 11 Linux does not properly execute SSL_free and SSL_shutdown during the conclusion of TCP connections. This oversight allows remote attackers to initiate multiple TCP connections to port 8009, potentially leading to service disruptions. Users of affected versions should ensure they apply updates to mitigate the risk of server crashes.

References

http://www.novell.com/support/kb/doc.php?id=7014063

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 1, 2013
Vulnerability Reserved
May 30, 2013