Vulnerability Description
Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are not properly handled by (1) the CIFS functionality in CIFS.nlm Semantic Agent (Build 163 MP) 3.27 or (2) the AFP functionality in AFPTCP.nlm Build 163 SP 3.27. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Netware | 6.5 |
Related Weaknesses (CWE)
References
- http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial
- http://secunia.com/advisories/38114Vendor Advisory
- http://www.exploit-db.com/exploits/11009Exploit
- http://www.securityfocus.com/archive/1/508731/100/0/threaded
- http://www.securityfocus.com/bid/37616Exploit
- http://www.securitytracker.com/id?1023400
- http://www.vupen.com/english/advisories/2010/0041Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55389
- http://protekresearch.blogspot.com/2010/01/prl-cifsnlm-memory-consumption-denial
- http://secunia.com/advisories/38114Vendor Advisory
- http://www.exploit-db.com/exploits/11009Exploit
- http://www.securityfocus.com/archive/1/508731/100/0/threaded
- http://www.securityfocus.com/bid/37616Exploit
- http://www.securitytracker.com/id?1023400
- http://www.vupen.com/english/advisories/2010/0041Vendor Advisory
FAQ
What is CVE-2010-0317?
CVE-2010-0317 is a vulnerability with a CVSS score of 7.8 (HIGH). Novell Netware 6.5 SP8 allows remote attackers to cause a denial of service (NULL pointer dereference, memory consumption, ABEND, and crash) via a large number of malformed or AFP requests that are no...
How severe is CVE-2010-0317?
CVE-2010-0317 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0317?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Netware.