Vulnerability Details : CVE-2010-0625
Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP server in Novell NetWare 5.1 through 6.5 SP8 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long (1) MKD, (2) RMD, (3) RNFR, or (4) DELE command.
Vulnerability category: Overflow, Execute code, Denial of service
Products affected by CVE-2010-0625
- cpe:2.3:o:novell:netware:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:5.1:sp3:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:5.1:sp2a:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:5.1:sp4:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:5.1:sp6:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp1.1a:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp1.1b:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp3:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp2:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp5:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp4:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp6:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp7:*:*:*:*:*:*
- cpe:2.3:o:novell:netware:6.5:sp8:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.02r:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.02i:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.01i:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.01o:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.01w:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.01y:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.02b:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.02y:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.04.25:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.04.20:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.04.8:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.03l:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.04.5:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.03b:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.05.04:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.06.04:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.06.05:*:*:*:*:*:*:*
- cpe:2.3:a:novell:netware_ftp_server:5.07.02:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0625
- 33.56%: Probability of exploitation activity in the next 30 days
- ~ 97 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0625
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
CWE ids for CVE-2010-0625
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0625
- https://bugzilla.novell.com/show_bug.cgi?id=569496
- http://securitytracker.com/id?1023768
  NetWare FTP Server Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTracker
- http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1
  What fixes are in NWFTPD.NLM v5.10.02, March 9, 2011?
- http://www.securityfocus.com/archive/1/510557/100/0/threaded
  SecurityFocus
- http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=12&Itemid=12
- http://www.securityfocus.com/bid/39041
  Novell Netware FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
- http://www.zerodayinitiative.com/advisories/ZDI-10-062
  ZDI-10-062 | Zero Day Initiative
- http://www.securityfocus.com/archive/1/510353/100/0/threaded
  SecurityFocus
- http://www.vupen.com/english/advisories/2010/0742
  Vendor Advisory
- http://secunia.com/advisories/39151
  Vendor Advisory