Wednesday, August 31, 2005

NetWare CIFS Denial of Service Vulnerability

A vulnerability has been reported in NetWare, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in CIFS.NLM when handling password lengths and can be exploited to cause crash the service.

The vulnerability has been reported in NetWare 5.1, 6.0, 6.5 SP2 and 6.5 SP3.

NOTE: The "worm_rbot.ccc" worm, which exploits a Windows vulnerability, may reportedly trigger this vulnerability.

Apply CIFS update.

No comments: