10

CVE-2006-2304

Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function.  NOTE: this was originally reported to be a buffer overflow by Novell, but the original cause is an integer overflow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NovellClient Version4.83 Updatesp3
NovellClient Version4.90 Updatesp2
NovellClient Version4.91 Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.25% 0.942
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/046048.html
http://secunia.com/advisories/20048
Vendor Advisory
http://securitytracker.com/id?1016052
Patch
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2973719.htm
Patch
http://www.hustlelabs.com/novell_ndps_advisory.pdf
Patch
Vendor Advisory
http://www.osvdb.org/25429
http://www.securityfocus.com/archive/1/434017/100/0/threaded
http://www.securityfocus.com/bid/17931
Patch
http://www.vupen.com/english/advisories/2006/1759
https://exchange.xforce.ibmcloud.com/vulnerabilities/26314