Release DateMar 16, 2010 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a code execution vulnerability inNovell Netstorage xsrvd. The vulnerability is caused by an error when the vulnerable software handles a malicious long URI. It allows a remote attacker to execute arbitrary code via sending a crafted HTTP request. |
Affected ProductsNovell NetStorageNovell NetWare 6.5 Support Pack 8 Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1 Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2 |
Recommended ActionsUpgrade to latest version of the software. See http://www.novell.com/support/viewContent.do?externalId=7005282 for details |
Coverage IPS
VCM |
Reference/shttp://www.zerodayinitiative.com/advisories/ZDI-10-021/ |
