Vulnerabilities > CVE-2006-2327 - Numeric Errors vulnerability in Novell Netware 6.5

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

novell

CWE-189

NVD

Published: 2006-05-12

Updated: 2018-10-18

Summary

Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. Apply fix for Novell NetWare 6.5 Support Pack 3, 4, or 5.

Vulnerable Configurations

Part	Description	Count
OS	Novell Novell Netware 6.5	8

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html
http://securitytracker.com/id?1016068
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973700.htm
http://www.hustlelabs.com/novell_ndps_advisory.pdf
http://www.osvdb.org/25433
http://www.securityfocus.com/archive/1/434017/100/0/threaded
http://www.securityfocus.com/bid/17922
http://www.vupen.com/english/advisories/2006/1740
https://exchange.xforce.ibmcloud.com/vulnerabilities/26314