{"vuid":"VU#578105","idnumber":"578105","name":"Novell NetWare NFS denial of service vulnerability","keywords":["Novell","NetWare","buffer overflow","NFS mount daemon","XNFS.NLM"],"overview":"The Novell NetWare NFS mount daemon contains a denial of service vulnerability.","clean_desc":"Network File System (NFS) is an ONC RPC based file and print sharing protocol. Novell NetWare includes support for the NFS protocol. From Novell Support Document 3008097: If an NFS client attempts a mount command against a NetWare 6.5 NFS server, and the path component of the command exceeds 508 characters, the XNFS.NLM on the NetWare server will abend, in an rpcWorkerThread. This can happen anytime XNFS.NLM is loaded, even if there is not any path currently exported. This makes the NetWare server vulnerable to denial-of-service attack, anytime XNFS.NLM is loaded. This vulnerability is not necessarily limited to NetWare 6.5 SP6. Older support packs are likely vulnerable as well.","impact":"A remote, unauthenticated attacker may be able to create a denial of service condition.","resolution":"Update\nNovell has released an update to address this issue. 
See Novell support document 5004900 for details about patch availability.","workarounds":"Restrict access\nRestricting network access to NFS servers and clients may mitigate this vulnerability.","sysaffected":"","thanks":"Thanks to Novell for information that was used in this report.","author":"This document was written by Ryan Giobbi.","public":["https://secure-support.novell.com/KanisaPlatform/Publishing/23/3008097_f.SAL_Public.html","http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5004900.html","http://www.novell.com/documentation/nfs30/admin/data/aer39lq.html","http://tools.ietf.org/html/rfc3530","http://en.wikipedia.org/wiki/Network_File_System_%28protocol%29","http://secunia.com/advisories/25697/"],"cveids":["CVE-2007-3207"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-06-15T16:44:51Z","publicdate":"2007-06-15T00:00:00Z","datefirstpublished":"2007-06-27T13:20:44Z","dateupdated":"2007-06-27T13:21:05Z","revision":3,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"5","cam_impact":"6","cam_easeofexploitation":"18","cam_attackeraccessrequired":"12","cam_scorecurrent":"3.2805","cam_scorecurrentwidelyknown":"3.645","cam_scorecurrentwidelyknownexploited":"6.075","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.2805,"vulnote":null}