Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gain root remotely --> Category: infos

SuSE Open Enterprise Server Novell Remote Manager HTTP Request Header Heap Overflow Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for Novel Remort Manager HTTP Heap Overflow

Detailed Explanation for this Vulnerability Test

Synopsis :

Arbitrary code can be executed on the remote web server.

Description :

The remote host is running Novell Remote Manager HTTP service
for SuSE Enterprise or Open Enterprise Server.
The remote version of this software is vulnerable to a heap overflow
vulnerability which may be exploited by sending a negative value for
the 'Content-Length' field.

Since the 'httpstkd' service runs with the root rights, an
attacker can gain full control of the remote host.

Solution :

Novell has released a patch for the novell-nrm service :

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.