Potential Security Vulnerability with NetStorage

  • 7005282
  • 03-Feb-2010
  • 27-Apr-2012

Environment

Novell NetStorage
Novell NetWare 6.5 Support Pack 8
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 1
Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2

Situation

A potential security vulnerability in NetStorage may allow remote attackers to execute arbitrary code on vulnerable installations of Novell NetStorage. Authentication is not required to exploit this vulnerability.

NetStorage on both NetWare and OES Linux is affected.

Resolution

On OES2, the fix is included in the patch channel, so an OES2 SP2 server that has been fully patched is not vulnerable to this potential threat.

On NetWare, the fix is currently available here.

Additional Information

This defect was reported by researcher 1c239c43f521145fa8385d64a9c32243 through TippingPoint's Zero Day Initiative (ZDI).